Administrator Guide

Use this process to enable encryption on a client computer if encryption was not enabled prior to activation. This process

enables encryption only for a single computer. You can choose to enable encryption for all Mac computers at the Enterprise

level if desired. For additional instructions about enabling encryption at the Enterprise level, see AdminHelp.

1. As a Dell administrator, log in to the Management Console.

2. In the left pane, click Populations > Endpoints.

3. For Workstation, click an option in the hostname column or, if you know the endpoint hostname, enter it in Search. You can

also enter a filter to search for the endpoint.

NOTE:

The wild card character (*) may be used but is not required at the beginning or end of the text. Enter Common Name,

Universal Principal Name, or sAMAccountName.

4. Click the appropriate endpoint.

5. On the Security Policies page, click the Mac Encryption technology group.

By default, the Dell Volume Encryption master policy is toggled On.

6. If a Mac has a Fusion Drive, select the check box for the Encrypt Using FileVault for Mac policy.

NOTE:

This policy requires that Dell Volume Encryption policy is also set to On. However, when FileVault encryption is enabled,

none of the other policies in the group are in effect. See Mac Encryption > Dell Volume Encryption.

7. If FileVault is deselected (macOS Sierra and lower), change other policies as desired.

For descriptions of all the policies, see AdminHelp which is available from the Management Console.

8. When finished, click Save.

9. In the left pane, click Management > Commit.

The number that displays by Pending Policy Changes is cumulative. It can include changes made on other endpoints, or made

by other administrators who are using the same account.

10. Enter a description of the changes in the Comment box and click Commit Policies.

11. To see the policy setting on the local computer after the Dell Server sends the policy, in the Policies pane of Dell Encryption

Enterprise Preferences, click Refresh.

Encryption Process

The encryption process varies depending on the state of the boot volume when encryption is enabled.

NOTE:

To maintain the integrity of user data, the client software does not begin encrypting a volume until the verification process

is successful on that volume. If a volume fails verification, the client software notifies the user and reports the failure in Dell

Data Protection Preferences. If you need to repair a volume, follow the instructions in Apple Support article HT1782 (http://

support.apple.com/kb/HT1782). The client software re-attempts verification on the next computer restart.

Select one of these:

● FileVault encryption of an unencrypted volume

● Assume Management of an Existing FileVault-Encrypted Volume

FileVault Encryption of an Unencrypted Volume

With FileVault encryption, an additional unnamed user displays in the PBA. Do not delete this user as it allows the Dell Server to

enforce policy on the device. If the PBA user is removed, the user will need to take action to begin policy-mandated decrypts.

1. After installation and activation, you must log into the account you want to boot from after FileVault encryption is active.

2. Wait for validation of the drive and verification of the volume to complete.

3. Enter the password for the account.

Tasks for the Encryption Client