Script to check encryption status on Mac

Verifying and enabling FileVault encryption on workplace macOS devices is crucial to keep sensitive devices from being compromised. However, it is a lengthy process to manage FileVault on the system from the System Preferences manually. A more efficient solution is needed to manage FileVault on multiple devices. You can run the following script with the Mac Terminal app to check the FileVault encryption status on macOS devices.

Device admins can remotely run scripts on Macs managed with Hexnode using the Execute Custom Script action.

Scripting language – Bash

File extension – .sh

Check encryption status

The fdesetup command can be used to obtain the current status of macOS FileVault.

Sample output:

Check encryption/decryption progress

The scripts show the progress when the device is being encrypted or decrypted:

For macOS 10.11 and 10.12:

The script below helps you keep track of the encryption/decryption occurring on the device.

The diskutil command is used as a tool for managing disks or partitions on macOS devices. This command helps users in performing tasks such as viewing, creating, unmounting, resizing, formatting, and repairing disks.

grep tool is used for locating a string within a file.

Sample output:

For macOS 10.13 and later:

1. The script below helps you keep track of the encryption occurring on the device.
Script to view FileVault encryption progress on Mac

diskutil apfs list | grep “Encryption Progress”

1	diskutil apfs list | grep “Encryption Progress”

From macOS 10.13, Apple has introduced a new default file system called APFS (Apple File System).

Sample output:



2. The script below helps you keep track of the decryption occurring on the device.
Script to view FileVault decryption progress on Mac

diskutil apfs list | grep “Decryption Progress”

1	diskutil apfs list | grep “Decryption Progress”

Sample output: