MacOS Foundation - FileVault Settings
macOS: Understanding FileVault Settings in Devicie
Overview:
Enforces and configures FileVault, macOS's built-in full-disk encryption.
Pre-Requisites:
None
Recommended Assignment Target:
All Devices
Variable Settings:
No variable settings for this policy.
Base Settings:
| Setting | Description | Value |
| --- | --- | --- |
| Defer | If true, the system defers enabling FileVault until the designated user logs out. | True |
| Force Enable In Setup Assistant | If true, and installation of this payload occurs after enrolling with MDM in Setup Assistant, the system requests Setup Assistant to enable FileVault at setup time. | True |
| Defer Don't Ask At User Logout | If true, the system prevents requests to enable FileVault at user logout. | True |
| Defer Force At User Login Max Bypass Attempts | The maximum number of times users can bypass enabling FileVault before the system requires the user to enable it to log in. If the value is 0, the system requires the user to enable FileVault the next time they attempt to log in. | 0 |
| Enable | Set to On to enable FileVault, or Off to disable FileVault. | On |
| Show Recovery Key | If false, the system prevents display of the personal recovery key to the user after the system enables FileVault. | False |
| Don't Allow FDE Disable | If true, the system won't disable FileVault. | True |
| Don't Allow FDE Enable | If true, the system won't enable FileVault. | False |
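
Added example (not part of the original page or Devicie's own tooling): a Python check that compares an exported configuration profile against the values in the table above. It assumes the settings map to Apple's `com.apple.MCX.FileVault2` and `com.apple.MCX` payload keys; `audit_profile` and the sample profile are constructed for illustration.

```python
import plistlib

# Expected values from the Base Settings table on this page.
# Assumption: the table's setting names map to these Apple payload keys.
BASELINE = {
    "com.apple.MCX.FileVault2": {
        "Defer": True,
        "ForceEnableInSetupAssistant": True,
        "DeferDontAskAtUserLogout": True,
        "DeferForceAtUserLoginMaxBypassAttempts": 0,
        "Enable": "On",
        "ShowRecoveryKey": False,
    },
    "com.apple.MCX": {"dontAllowFDEDisable": True, "dontAllowFDEEnable": False},
}

def audit_profile(profile_bytes):
    """Return (payload_type, key, expected, actual) for every deviation."""
    profile = plistlib.loads(profile_bytes)  # accepts XML or binary plists
    seen = {}
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType")
        if ptype in BASELINE:
            seen.setdefault(ptype, {}).update(payload)
    findings = []
    for ptype, expected in BASELINE.items():
        actual = seen.get(ptype, {})
        for key, want in expected.items():
            got = actual.get(key, "<missing>")
            # Compare type too: in Python 0 == False, which would hide
            # a boolean supplied where the bypass count is expected.
            if type(got) is not type(want) or got != want:
                findings.append((ptype, key, want, got))
    return findings

# Constructed sample: drifts from the baseline in three places.
SAMPLE_PROFILE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadContent": [
        {"PayloadType": "com.apple.MCX.FileVault2", "Enable": "On",
         "Defer": True, "DeferDontAskAtUserLogout": True,
         "DeferForceAtUserLoginMaxBypassAttempts": 3,
         "ShowRecoveryKey": True, "ForceEnableInSetupAssistant": True},
        {"PayloadType": "com.apple.MCX", "dontAllowFDEEnable": False},
    ],
})

if __name__ == "__main__":
    for ptype, key, want, got in audit_profile(SAMPLE_PROFILE):
        print(f"{ptype}: {key} expected {want!r}, found {got!r}")
```

A missing key is reported as a deviation rather than treated as compliant, so a profile that omits `dontAllowFDEDisable` still shows up in the findings.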
FAQ:
Q: Why are there two settings, Don't Allow FDE Disable and Don't Allow FDE Enable?
A: This follows CIS policy and allows reporting on these settings to show compliance with CIS.