Disk encryption

Platform compatibility
Modifying or removing the control
How it works
macOS
Windows
Linux

Platform compatibility

macOS	Windows	Linux	iOS / iPadOS	Android
✅ (FileVault)	✅ (BitLocker)

Modifying or removing the control

Disable the control from the profile settings. Disabling stops enforcement but does not remove existing encryption from devices.

How it works

macOS

Encryption is managed by FileVault.
FileVault is automatically enabled during MDM installation.
Encryption becomes effective after the next restart.
The recovery key is escrowed a few hours later.

Windows

Encryption is managed by BitLocker.
It is automatically enabled after MDM installation.
No restart is required.
The key is stored as soon as encryption is activated.

Linux

Primo does not support automatic encryption for Linux devices. Enabling full-disk encryption on Linux typically requires a full disk reset and OS reinstallation, which must be done manually before enrolling the device. However, depending on distribution, Recovery Keys are automatically escrowed.

Automatic App & OS updates

Admin Management

Introduction

Onboardings & Offboardings

Device Management

Endpoint Protection

Identity & SaaS Management

Global Purchasing

Guides

Platform compatibility

Modifying or removing the control

How it works

macOS

Windows

Linux

Introduction

Onboardings & Offboardings

Device Management

Endpoint Protection

Identity & SaaS Management

Global Purchasing

Guides

​Platform compatibility

​Modifying or removing the control

​How it works

​macOS

​Windows

​Linux

Platform compatibility

Modifying or removing the control

How it works

macOS

Windows

Linux