LATEST - October 2019
KACE Cloud Mobile Device Manager
We are excited to announce our most recent update to KACE Cloud Mobile Device Manager.
In our October release, we’ve added new macOS FileVault full disk encryption functionality. This new functionality improves the security of macOS devices—and when used with KACE Cloud MDM Policies, FileVault can be added automatically to devices during enrollment. KACE Cloud MDM FileVault functionality is available for both DEP and BYOD macOS devices.
What is FileVault?
FileVault is the name for macOS disk encryption. The current version is FileVault2 and uses the AES-XTS mode of AES with 128-bit blocks and a 256-bit key to encrypt the disk. FileVault-enabled users can unlock the disk with their password at the pre-boot stage on a FileVault-enabled macOS device.
Through KACE Cloud MDM, an administrator can choose whether to set up a personal or institutional recovery key, or both. An admin can also choose whether to show the personal recovery key to the user during FileVault setup and whether to include the personal recovery key as part of KACE Cloud MDM's device inventory process.
Learn more about FileVault and personal/institutional recovery keys.
macOS MDM as an Installation Method
For macOS, imaging is considered a deprecated technology and is no longer supported. The APFS file system, which is now mandatory for macOS, means imaging is no longer possible. And the newer Apple T2 chip prevents net booting, which is another requirement for imaging.
macOS MDM is Apple’s recommended replacement for macOS Imaging and there are a number of advantages when moving from the SDA to KACE Cloud MDM for macOS deployments. Benefits include:
Learn more about FileVault Management in KACE Cloud MDM.