Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-06 14:58:33 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 134

Guide: "Enforce disk encryption when macOS hosts automatically enroll" and "Rotate FileVault (disk encryption) key w/o prompt" (#21202)

Browse source 
- Guide update for the "Enforce disk encryption when macOS hosts
automatically enroll" (#16866) and "Rotate FileVault (disk encryption)
key w/o prompt" (#13157) stories.
This commit is contained in:
Noah Talerman 2024-08-13 11:40:15 -07:00 committed by GitHub
parent 1759e6d388
commit dc6ad94de3
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 5 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
docs/Using Fleet/MDM-disk-encryption.md
View file

@ -8,7 +8,9 @@ In Fleet, you can enforce disk encryption for your macOS and Windows hosts.
When disk encryption is enforced, hosts disk encryption keys will be stored in Fleet.
For Windows hosts, disk encryption is enforced on the C: volume (default system/OS drive).
For macOS hosts that automatically enroll, disk encryption is enforced during Setup Assistant.
For Windows, disk encryption is enforced on the C: volume (default system/OS drive).
## Enforce disk encryption
@ -54,11 +56,7 @@ How to view the disk encryption key:
## Migrate macOS hosts
When migrating macOS hosts another MDM solution, in order to complete the process of encrypting the hard drive and escrowing the key in Fleet, your end users must take action.
If the host already had disk encryption turned on, the user will need to input their password.
If the host did not already have disk encryption turned on, the user will need to log out or restart their computer.
When migrating macOS hosts from another MDM solution, in order to complete the process of encrypting the hard drive and escrowing the key in Fleet, your end users must log out or restart their device.
Share [these guided instructions](./MDM-migration-guide.md#how-to-turn-on-disk-encryption) with your end users.

6
docs/Using Fleet/MDM-migration-guide.md
View file

@ -176,16 +176,12 @@ Then, scroll down to the **Mobile device management (MDM)** section.
_Available in Fleet Premium_
When migrating from a previous MDM, end users need to take action to escrow FileVault keys to Fleet. The **My device** page in Fleet Desktop will present users with instructions to reset their key.
When migrating from a previous MDM, end users need to restart or logout of their device to escrow FileVault keys to Fleet. The **My device** page in Fleet Desktop will present users with instructions to reset their key.
To start, enforce FileVault (disk encryption) and escrow in Fleet. Learn how [here](./MDM-disk-encryption.md).
After turning on disk encryption in Fleet, share [these guided instructions](#how-to-turn-on-disk-encryption) with your end users.
If your old MDM solution did not enforce disk encryption, the end user will need to restart or log out of the host.
If your old MDM solution did enforce disk encryption, the end user will need to reset their disk encryption key by following the prompt on the My device page and inputting their password.
## Activation Lock
In Fleet, the [Activation Lock](https://support.apple.com/en-us/HT208987) feature is disabled by default for automatically enrolled (DEP) hosts.