Encryption policies for FileVault 2 full disk encryption

The security officer can create a policy for encryption in the SafeGuard Management Center and distribute it to the FileVault 2 endpoints where it is executed.

As the FileVault 2 endpoints are managed transparently in the SafeGuard Management Center, the security officer does not necessarily have to specify any special FileVault 2 settings for encryption. SafeGuard Enterprise knows the client status and selects the FileVault 2 encryption accordingly.

A FileVault 2 endpoint only processes policies of type Device Protection with target Boot Volumes and Media encryption mode set to Volume-based or No encryption. All other policy settings are ignored.
  • Volume-based activates FileVault 2 on the endpoint.
  • No encryption allows the user to decrypt the Mac.