Why FileVault Is a Must for Corporate Mac Computers | Managing Mac with SCCM

Endpoint devices are touchy creatures in many ways. They are responsible for employees’ productivity to a large extent. Virtually nothing will go without them. At the same time, those business systems are potential gateways for cyberattacks on the organization’s data. They can also be lost, which amounts to a security issue. A fleet of state-of-the-art computers with access to critical corporate systems might be riskier than a heap of common desktop PCs.

FileVault caters to organizations’ encryption needs

Encryption is a a crucial part of any security architecture. For Mac® systems, this preferably means using the onboard instrument, FileVault® 2. This is a system component of macOS® and comes with no drawbacks for users. Even read-and-write speeds are only marginally impacted by FileVault—this slowdown is typical for hard disk encryption. FileVault works with XTS-AES-128 encryption combined with a 256-bit key.

Unfortunately, organizations using Microsoft SCCM to manage their Mac devices cannot automatically activate FileVault for those Apple systems. A solution such as Parallels® Mac Management for Microsoft® SCCM is needed for that. This allows IT administrators to activate FileVault for all Mac devices in the corporate environment, significantly raising the overall safety level. Parallels Mac Management enables IT teams to specify that all corporate Mac computers should have their FileVault feature activated to encrypt the data on their hard disk.

IT administrators need to define a “Configuration Item” in Parallels Mac Management to handle FileVault using SCCM. This is done in the console under “Assets and Compliance / Overview / Compliance Settings.” There, a “FileVault 2” option can be found under “Create Parallels Configuration Item.” FileVault encryptions are virtually unbreakable, so a restore key is always provided in case that user forgets their password. Otherwise, the hard disk would hardly be decryptable and the user’s data might be lost for good. For this reason, the administrator can specify whether FileVault should be used in conjunction with a personal or global “institutional” restore key.

Learn more about how to manage Mac devices like PCs with Parallels Mac Management for Microsoft SCCM in our weekly webinars. Register now for free!


Learn more:

Details for setting up von FileVault | Parallels Mac Management Administrator’s Guide (PDF)
Apple Support | FileVault 2
TechRepublic | Apple’s FileVault 2 encryption