Initial encryption

When you define a volume-based encryption of the system disk via policy, disk encryption starts automatically as soon as the user restarts the endpoint. The user needs to do the following:

  1. Enter the macOS password.
  2. Wait for the Mac to restart.
    Note If activation of the encryption fails, an error message is displayed. More information can be found in the log files. The default location is /var/log/system.log. Search for the keyword fdesetup.
  3. Disk encryption starts and is done in the background. The user can continue working.
The user is added as the first FileVault 2 user of the endpoint.