FileVault device policy
The macOS FileVault full-disk encryption (FileVault 2) feature protects the system volume by encrypting its contents. A user logs in to a FileVault-enabled macOS device with their account password each time that the device starts. If the user loses their password, a recovery key enables them to unlock the disk and reset their password.
This device policy enables FileVault user setup screens and configures settings such as recovery keys. For more information about FileVault, see the Apple support site.
To add the FileVault policy, go to Configure > Device Policies.
macOS settings
- Enable FileVault: If On, the user is prompted to enable FileVault during the next N logouts, where N is the value of Maximum times to skip FileVault setup. If Off, users don’t receive a prompt to enable FileVault, but they can still enable FileVault on their own.
- Prompt for FileVault setup during logout: If On, users see a prompt asking them to enable FileVault when they log out.
- Maximum times to skip FileVault setup: The maximum number of times that the user can skip FileVault setup. When the user reaches the maximum, the user must set up FileVault to log in. If 0, the user must enable FileVault during the first login attempt. Default is 0.
- Recovery key type: A user who forgets their password can type a recovery key to unlock the disk and reset their password. Recovery key options:
  - Personal recovery key: A personal recovery key is unique to a user. During FileVault setup, a user chooses whether to create a recovery key or to allow their iCloud account to unlock their disk. To show the recovery key to the user after FileVault setup completes, enable Show personal recovery key. Showing the key enables the user to record the key for future use. To allow users to look up their key if they lose it, enable Escrow personal recovery key.
    You can rotate personal recovery keys through security actions. For more information on rotating personal recovery keys, see Security actions.
    For information about recovery key management, see the Apple support site.
  - Institutional recovery key: You can create an institutional (or main) recovery key and FileVault certificate, which you then use to unlock user devices. For information, see the Apple support site. Use Citrix Endpoint Management to deploy the FileVault certificate to devices. For information, see Certificates and authentication.
  - Personal & institutional recovery key: When you enable both types of recovery keys, you need to unlock a user device only if the user loses their personal recovery key.
- Institutional recovery key certificate: If you select Institutional recovery key or Personal & Institutional recovery key as the Recovery key type, select the recovery key certificate for that key.
- Show personal recovery key: If On, the user device shows the personal recovery key to the user after setting up FileVault. Defaults to Off.
- Escrow personal recovery key: When enabled, users can store a copy of the personal recovery key for each device with Citrix Endpoint Management.
  To access the key from Citrix Endpoint Management, go to Manage > Devices, select the macOS device, and click Edit. Then, go to Device details > General and locate the Personal recovery Key.
  To allow users to view their recovery key from the Self-Help Portal, enable Escrow personal recovery key and Display personal recovery key to user. The key appears in the Self-Help Portal on the Properties page under Security information. For more information about the Self-Help Portal, see Self-Help Portal.
  You can enable the Escrow personal recovery key setting even if you don’t enable the Enable FileVault setting. If you disable the Enable FileVault setting, users can still enable FileVault on their own. In this situation, enable Escrow personal recovery key to allow users to store a copy of their key with Citrix Endpoint Management.
  If a user enables FileVault before enrolling the device in Citrix Endpoint Management, Citrix Endpoint Management doesn’t store their recovery key. The device shows up as FileVault-enabled in the console.
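To confirm on a device that the policy took effect, the following added example (not part of the Citrix documentation) compares the output of macOS `fdesetup` with the Recovery key type the policy is expected to enforce. The type labels `personal`, `institutional`, `both` and the verdict words are names chosen for this script.

```shell
#!/bin/sh
# Added example: compare a Mac's local FileVault state with the Recovery key
# type selected in the policy. The type labels personal|institutional|both
# and the verdict words are names chosen for this script.

# check_filevault STATUS HAS_PRK HAS_IRK WANT
#   STATUS   output of `fdesetup status`
#   HAS_PRK  output of `fdesetup haspersonalrecoverykey`      (true/false)
#   HAS_IRK  output of `fdesetup hasinstitutionalrecoverykey` (true/false)
#   WANT     recovery key type the policy is expected to enforce
# Prints one verdict word and returns 0 only for "compliant".
check_filevault() {
    fv_status=$1; has_prk=$2; has_irk=$3; want=$4
    case $want in
        personal)      need_prk=true;  need_irk=false ;;
        institutional) need_prk=false; need_irk=true  ;;
        both)          need_prk=true;  need_irk=true  ;;
        *) echo "unknown-key-type"; return 2 ;;
    esac
    case $fv_status in
        "FileVault is On."*) ;;
        # fdesetup reports deferred enablement while user setup is pending.
        *"Deferred enablement"*) echo "pending-user-setup"; return 1 ;;
        *) echo "not-encrypted"; return 1 ;;
    esac
    if [ "$need_prk" = true ] && [ "$has_prk" != true ]; then
        echo "missing-personal-key"; return 1
    fi
    if [ "$need_irk" = true ] && [ "$has_irk" != true ]; then
        echo "missing-institutional-key"; return 1
    fi
    echo "compliant"
}

# Live check on a Mac (run as root); skipped where fdesetup is absent.
if command -v fdesetup >/dev/null 2>&1; then
    check_filevault "$(fdesetup status 2>/dev/null)" \
        "$(fdesetup haspersonalrecoverykey 2>/dev/null)" \
        "$(fdesetup hasinstitutionalrecoverykey 2>/dev/null)" \
        "${1:-personal}"
fi
```

A `compliant` verdict only shows that the expected keys exist on the device. Whether a copy of the personal recovery key is escrowed still has to be confirmed in the console, since a device that enabled FileVault before enrollment appears as FileVault-enabled without a stored key.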