It is important, and required, that your MacBook is secured for use on the Indiana University network. This includes having lock-screens with passwords, or passphrases of a required minimum length to access the MacBook; a specified time out period of inactivity in which the device will go to a lock-screen; encryption of the devices' storage unit; and the ability to remotely wipe or lock the device in the case of loss or theft. To help meet these security measures, all new MacBooks will be encrypted, and enrolled in the Device Enrollment Program (DEP) made available by UITS. Encryption of the storage unit on a MacBook ensures that only authorized users can login to the device, and in the event the laptop were to be stolen, the encrypted data on the storage device cannot be assessed, even if the storage device is installed in another laptop. Enrolling the MacBook in the DEP gives staff the ability to remotely lock, or wipe the MacBook should it become lost or stolen.
Enrollment into the DEP must be performed by an authorized SoIC staff member. While staff will do this for all new MacBooks during check-in and setup, enrollment can still be performed for all current MacBooks not enrolled. Please contact the SoIC staff to arrange enrollment of your MacBook.
Likewise, encryption of the storage device of all new Macbooks will be implemented by staff during the check-in and setup process. However, encryption can also be implement by end-users doing the following steps:
- Open System Preferences, and click on the Security & Privacy icon.
- In the box that opens, authenticate with your username and password, then click on FileVault. (This account must have administrative access).
- Click on the 'Turn On FileVault...' button.
- You will see a new box where you will be given a choice of using an iCloud account to store the 'recovery key', or to create the key, and not use an iCloud account. (All MacBooks set up by SoIC staff will not use iCloud).
- If you select 'Create a recovery key and do not use my iCloud account', and then click 'Continue', a long, alphanumeric recovery key will appear. Copy and save this key in a safe place, other than the computer itself. If you forget your password, this key can be used to gain access. (If you forget your password, and don't have this recovery key, your data will be lost.)
Please note that if there is more than one user with access to this device, the additional users must be given permission to access the system. An additional box will appear with all of the local user accounts listed. The additional users will be required to enter their password.
If you need assistance, or have questions about any of this, please contact an SoIC IT staff member. (firstname.lastname@example.org)