Migrate to Sophos Central Device Encryption (Mac)

If you want to use Sophos Central to manage Mac endpoints that are already encrypted with FileVault, you need to apply a Sophos Central Device Encryption policy to these endpoints.

Note: If you are using FileVault with SafeGuard Enterprise, you must uninstall the Sophos SafeGuard Device Encryption software first.

Before users can start:

  • You must install the Sophos Central agent software on the endpoints.
  • You must configure and turn on a Device Encryption policy in Sophos Central.
  • Users must log on to their endpoints. They must be connected to and synchronized with Sophos Central. Note that remote logon is not supported.

These instructions tell you what users see and what they need to do:

  1. When users log on or when you apply a Sophos Central Device Encryption policy while the users are logged on, users are informed that Device Encryption has been set up to protect their computers.
  2. To turn on Sophos Central Device Encryption, users must enter their login password and click Create key.
    A new recovery key is created and stored centrally for recovery purposes. If there are other unencrypted internal disks, those disks are encrypted as well. You do not need a separate disk password for them.
  3. If there are internal disks that are already encrypted with a disk password, users must enter the disk password and click Proceed.
    The disk password is now managed by Sophos Central. The disk is unlocked automatically during startup.

The endpoint is now managed by Sophos Central Device Encryption.