Create an Extension Attribute using the 'Script' option as input type and paste the contents of check_apfs_encryption_extension_attribute.sh in the 'Script' dialog box.
Create one or more SmartGroups which look for specific results of the EA. For example, you may want to create a SmartGroup called "Not Encrypted APFS Volume" that includes the above EA whose result is: FileVault is Off. (which would mean not encrypted, of course.)
Create a policy scoped to the above SmartGroup which will enforce FileVault encryption either through a built-in policy action or a script of your choosing. Don't forget to set the frequency to something like "Once a day" and perhaps have a notification to the user for transparency's sake.
Hi,
how can i best setup check_apfs_encryption, smart computer group? and policy ?
thank you