How to configure Device Encryption for Mac devices on Sophos Central

1. Purpose of the article

This article will guide you through configuring Device Encryption for Mac devices. This is a pretty cool feature and, importantly, it will help encrypt one or more hard drives to protect your data if it is stolen.

2. Configuration scenario

Thegioifirewall will prepare a machine running the macOS Catalina 10.15.5 operating system with Sophos Endpoint installed.

Then we will configure Device Encryption for this Mac device.

3. Configuration guide

To configure it, we need to log in to Sophos Central's admin page with the admin account.

Next, go to Encryption > Policies > click Add Policy.

The Add Policy panel appears, where you can choose to encrypt by device or by the user who is logged in on that computer.

Here I will encrypt by device, with the following information:

  • Feature : Device Encryption
  • Type : Select Device (policies are assigned to device regardless of logged on user)
  • Press Continue.

The Create New Computer Policy table will appear, and we need to fill in the following information:

Policy Name: Encrypt_MacOS


  • We will select the computer that the Mac is using. Here we will select the MacOS15's Mac computer from the Available Computers panel and click the right arrow to move this computer to the Assigned Computers panel.


  • We will turn on the switch at Device Encryption is on.
  • Next we have the option Encrypt boot volume only. We enable this option only when we want to encrypt just the Windows boot drive.
  • Next we need to select Require startup authentication, which will restart the computer after you set the encryption password.
  • Require new authentication password / PIN from users: use this option when you want the encryption layer's password / PIN to be changed frequently. After you enable this option, you can customize how many months pass between changes.
  • The option Encrypt used space only is used only when you need to encrypt just the data drives.
  • In this article, because the Mac has only one drive, on which the OS is installed, I just need to select Require startup authentication. With this option, it will encrypt all the drives currently on the computer.
  • Click Save.

After successfully configuring the policy, go back to the Mac. We will see a message stating that your machine is set to be encrypted, and you are asked to enter a password.

After entering the password and pressing Encrypt, your Mac will ask you to enable FileVault. Click OK.

You then need to reboot and the login screen will show up as follows.

At this point the encryption process has begun.

Just log in with your local account and use your computer as normal.

To check how far the encryption process has progressed and which drive is being encrypted, go to System Preferences > Security & Privacy > FileVault.

As you can see in the figure, the encryption has reached 23% and the drive being encrypted is the OS drive.

The encryption process runs in the background, so feel free to use your computer. Once it's done, it will say Encryption finished.

After booting the machine again, the encryption process is complete.
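
The same progress check can be scripted from Terminal with the macOS `fdesetup status` command, which is useful when verifying many machines. The script below is an added example, not part of the original article; the sample outputs in it are constructed, and the line formats it parses are an assumption modeled on typical `fdesetup status` output.

```shell
#!/bin/sh
# Added example: classify the text printed by `fdesetup status` on macOS.
# Assumption: status lines look like the constructed samples further down.

# fv_progress WORD TEXT -> prints the integer percentage from a line such as
# "<WORD> in progress: Percent completed = 23", or nothing if no such line.
fv_progress() {
    printf '%s\n' "$2" |
        sed -n "s/^$1 in progress: Percent completed = \([0-9][0-9]*\).*/\1/p" |
        head -n 1
}

# fv_state TEXT -> encrypted | encrypting:<pct> | decrypting:<pct> | off | unknown
fv_state() {
    # A progress line wins over "FileVault is On.": the disk is not yet
    # fully protected while conversion is still running.
    pct=$(fv_progress Encryption "$1")
    if [ -n "$pct" ]; then echo "encrypting:$pct"; return 0; fi
    pct=$(fv_progress Decryption "$1")
    if [ -n "$pct" ]; then echo "decrypting:$pct"; return 0; fi
    case "$1" in
        *"FileVault is On."*)  echo "encrypted" ;;
        *"FileVault is Off."*) echo "off" ;;
        *)                     echo "unknown" ;;
    esac
}

# fv_compliant TEXT -> exit status 0 only when encryption has finished.
fv_compliant() {
    [ "$(fv_state "$1")" = "encrypted" ]
}

# Constructed sample outputs (not captured from a real machine).
SAMPLE_IN_PROGRESS='FileVault is On.
Encryption in progress: Percent completed = 23'
SAMPLE_DONE='FileVault is On.'
SAMPLE_OFF='FileVault is Off.'

# On a Mac, read the live status; elsewhere fall back to a constructed sample.
if command -v fdesetup >/dev/null 2>&1; then
    live=$(fdesetup status 2>/dev/null || true)
else
    live=$SAMPLE_IN_PROGRESS
fi
echo "FileVault state: $(fv_state "$live")"
```
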
