The payload for configuring FileVault.
- macOS 10.9+
The DER-encoded certificate data if Use is enabled.
If true, defers enabling FileVault until the designated user logs out. For details, see fdesetup(8). The person enabling FileVault must be either a local user or a mobile account user.
Dont Ask At User Logout
If true, prevents requests for enabling FileVault at user logout time.
Force At User Login Max Bypass Attempts
The maximum number of times users can bypass enabling FileVault before being required to enable it to log in. If the value is 0, users are always prompted to enable FileVault, although they're not required to do so. Setting this key to -1 disables the feature.
If true, enables FileVault.
The path to the location where the recovery key and computer information property list are stored.
The password of the Open Directory user to be added to FileVault. Use the User key if you want to prompt for this information.
The UUID of the payload within the same profile containing the asymmetric recovery key certificate payload.
If false, prevents display of the personal recovery key to the user after FileVault is enabled.
If true and no certificate information is provided in this payload, the keychain created at /Library/Keychains/File is used when the institutional recovery key is added.
If true, creates a personal recovery key and displays it to the user.
Enters Missing Info
If true, enables a prompt for missing user name or password fields.
The user name of the Open Directory user to be added to FileVault.
com as the payload type.
FileVault 2 performs full XTS-AES 128 encryption on the contents of a volume. Removing the FileVault payload does not disable FileVault.
As of macOS 10.15 this payload requires User Approved MDM.
Allow Manual Install
Requires User Approved MDM
Allowed in User Enrollment
Allow Multiple Payloads