Endpoint Services, Workspace One, macOS Encryption
Automating macOS encryption with a Workspace ONE profile.
Workspace ONE Unified Endpoint Management (UEM)
University of Illinois IT Pros leveraging Technology Services Endpoint Service Workspace ONE
- Workspace ONE Agent v2.1+
- macOS 10.9+
Creating a macOS Encryption Profile in the Workspace ONE Console:
- Navigate to Devices → Profiles and Resources → Profiles
- Select Add → Add Profile
- Select macOS
- Select Device Profile
- Name the Profile and select a Smart Group
- You can use your organizational site name or select Create Smart Group.
- Enter a unique name for the new smart group using the naming convention Department-Application/Platform-[User-defined term]. For example: EPS-macOS-Encryption.
- Choose a type for the smart group by selecting either Criteria or Devices or Users.
- Criteria allows you to define smart group membership based on the following fields: organization group, user group, ownership, tags, platform and operating system, device model, and Enterprise OEM version, and allows for the addition or exclusion of individual devices, users, or user groups. If you select this type, ensure that your organizational group is checked.
- Devices or Users allows you to build a list of devices and/or individual users who should receive the application.
- After naming and defining the new smart group, click the Save button at bottom right.
- Select Disk Encryption on the left panel, then Configure.
- Leave all the defaults selected while making sure you leave the Recovery Key Type to Personal
- Click Save and Publish.
Once the profile is on the device you will need to restart the device for the encryption to start. Once the encryption is finished the recovery key is displayed in the Workspace ONE console under the summary tab in the Security section. Select View Recovery Key to view the key.