The GoLive page for a device gives you direct control over that single machine in real-time. One of the many features available in a GoLive session is the ability to enable FileVault encryption.

Let's begin by finding our device on the Devices page. In this example we'll be using the device "Mac Above Couch".

Once in the GoLive session, head over to the FileVault Encryption tab and select Enable FileVault.

This will bring up a modal window with a few options how to enable FileVault.

Option 1: You don't know the password of the user on the device. This will do a deferred enablement and ask the user to input their password whenever they next log in to the device. You could also toggle the prompt for restart if you would like to notify the end user to restart the machine after the deferred enablement command runs, thus starting the encryption process sooner.

Option 2: You know the username and password of the user you want to add to the FileVault. This is the least invasive method, as the user instantly gets added to the FileVault and encryption starts right away.

After you press Enable, the device will attempt to enable FileVault on the machine and then escrow the recovery keys. If any errors occur you'll see them appear on the screen.

Note: the end-user does not have the ability to stop the FileVault process. If you need to halt the process, you will need to run this command before the encryption begins.

fdesetup disable

For information on disabling FileVault after the encryption process has been completed, please reference our article Decrypting Devices with FileVault.

Happy FileVaulting!