macOS device encryption via FileVault
Device encryption on macOS computers is provided via a program called FileVault. FileVault will encrypt the hard drive of the computer.
All macOS computers that are registered to connect to the Trinity College data network, are automatically encrypted as part of the network onboarding process.
Once encryption is enabled, you will be prompted to restart your computer and enter your Mac administrator password.
The Mac administrator password is not the same as your Trinity network login password.
If you do not know your Mac administrator password, please refer to the following pages:
IT Services cannot assist in recovering Mac administrator passwords if they are lost.
Once FileVault is enabled on your macOS device, your login experience will not change. You will continue to log in as normal before the encrypted was enabled.
Accessing encryption recovery keys
In certain scenarios you may need to access the encryption recovery key for the device.
Depending on how your device is managed, encryption recovery keys are accessible via one of two ways.
- If your device encryption is managed via Trellix, then you should contact the IT Service Desk to access the recovery key.
- If your device encryption is managed via Microsoft Intune, then your recovery key will be available by contacting the IT Service Desk or via your online Microsoft 365 account. To access the recovery key via your Microsoft 365 account:
- Sign into portal.manage.microsoft.com using your Trinity email address and password
- Go to Devices and select the macOS device that is encrypted with FileVault
- Select Get recovery key
- You can then copy your recovery key from the screen
IT Services may not be able to retrieve an encryption recovery key (for a device that has encryption managed via Trellix) if a computer does not check into our systems for over 8 months.
Computers that are not being actively used but which may be used again in future should be logged into at least once per month to ensure they are kept active on our systems and are up-to-date for operating system and anti-virus updates.
Leaving Trinity and uninstalling FileVault
If the encrypted device is your own personal computer and you are planning to take that computer with you when you leave Trinity, then you should contact the IT Service Desk so that the encryption can be removed.
If the encrypted device is a Trinity owned computer and will be handed back to your department once you leave, then the encryption does not need to be removed.
Backing up your data
Please note that encrypting a device does not backup your data. All users are still responsible for backing up the data on the computers they use.
OneDrive can be used for personal backup and SharePoint for any departmental files.
Further help
If you have further queries regarding this service, please see the FAQ page. If you still require assistance, please contact the IT Service Desk.