Enforce a firmware password to increase security at the hardware level when allowing macOS v10.10+ to start up using an external drive, partition, or using Recovery Mode. The AirWatch Agent v2.2+ for macOS is required with this profile that provides enhanced security and allows you to determine when end users need to enter firmware passwords.

Important:

If a firmware password is already set on the computer, then profile installation will fail.

To create a firmware password:

  1. Navigate to Devices > Profiles & Resources > Profiles and select Add. Select Apple macOS, and then select Device Profile, since this profile is only applicable to the entire device.
  2. Configure the profile's General settings.

    These settings determine how the profile deploys and who receives it. For more information on General settings, see Add General Profile Settings.

  1. Configure the Firmware Password:

    Setting Description
    Firmware Password Enter the password for the device.
    Mode

    Select the Mode when end users are required to enter the password:

    • Command Mode – Require the password when attempting to boot to another drive or partition. After the end user enters the password, the computer begins using Command Mode. Then, the macOS Agent prompts the end user to re-start the computer.
    • Full Mode – Require the password every time the computer starts up. After the end user enters the password, the macOS Agent prompts the end user to re-start the computer. When the computer re-starts, it begins using Full Mode.

    Once the profile is configured, it cannot be removed remotely.

  2. Select Save & Publish to push the profile to the device.