Be aware of the following requirements and limitations when configuring FileVault 2 through Centrify group policy:
- The Mac computer must be running OS X 10.9 or above.
- The Mac computer must have a recovery partition — generally, this partition is created by default during Mac OS X or macOS installation.
- FileVault 2 must not be enabled on the Mac computer (through the Security & Privacy System Preference).
If it is already configured, configuring FileVault 2 through Centrify Management Services for Mac will have no effect.
Enabling FileVault 2 protection disables auto log on for the Mac computer.
FileVault 2 protection does not support smart card authentication at start up of the computer.
The Apple technical white paper, "Best Practices for Deploying FileVault2" provides more information about using FileVault 2; specifically, the section “Two Factor Authentication” discusses the limitations of using FileVault 2 with alternate authentication methods such as smart cards.