fdesetup

I’ve used a few different MDMs in my time as a MacAdmin, I’ve written about my transition from WorkspaceONE to Mosyle and I really much prefer it.

I noticed today that one user isn’t using FileVault. I have a deferral set to 5 times. Which now I’m thinking might be a bit high. I was wondering how many times that user has deferred FileVault.

I saw you could use fdesetup to see info about deferral. So I made a quick and dirty script for that.

#!/bin/sh

fdesetup status

fdesetup showdeferralinfo

I used Mosyle to blast it out to all devices with Filevault off (that required having a smart group), and told it to run on every check-in. It returns:

FileVault is Off.
Deferred enablement appears to be active for user &apos;usernameappearshere&apos;.
{
AskAtUserLoginMaxBypassValue = 5;
Defer = 1;
DontAskAtUserLogout = 1;
OutputPath = "/etc/certificates";
ProfileUUID = "INSERTUUID";
ShowRecoveryKey = 1;
Usernames = (
usernameappearshere
);
}

fdesetup

Like this:

Leave a ReplyCancel reply