On the Review + create page, when you're done, choose Create. For more information on assigning profiles, see Assign user and device profiles. On the Assignments page, select the groups that will receive this profile. On the Scope (Tags) page, choose Select scope tags to open the Select tags pane to assign scope tags to the profile. The current recovery key is displayed.Ĭonfigure the remaining FileVault settings to meet your business needs, and then select Next. In the portal, go to Devices and select the device that has FileVault enabled, and then select Get recovery key. This information can be useful for your users when you use the setting for Personal recovery key rotation, which can automatically generate a new recovery key for a device periodically.įor example: To retrieve a lost or recently rotated recovery key, sign in to the Intune Company Portal website from any device.
#MAC RECOVERY KEY FILEVAULT HOW TO#
On the Configuration settings page, select FileVault to expand the available settings:įor Recovery key type, select Personal key.įor Escrow location description of personal recovery key, add a message to help guide users on how to retrieve the recovery key for their device. This setting is optional, but recommended. For example, a good policy name might include the profile type and platform.ĭescription: Enter a description for the policy. Name your policies so you can easily identify them later. Name: Enter a descriptive name for the policy. On the Basics page, enter the following properties: On the Create a profile page, set the following options, and then click Create: Select Devices > Configuration profiles > Create profile. Sign in to the Microsoft Endpoint Manager admin center. To manage FileVault in Intune, your account must have the applicable Intune role-based access control (RBAC) permissions.įollowing are the FileVault permissions, which are part of the Remote tasks category, and the built-in RBAC roles that grant the permission:Ĭreate device configuration policy for FileVault The user must manually approve of the management profile from system preferences for enrollment to be considered user-approved. User-approved device enrollment is required for FileVault to work on a device. This scenario requires the device to receive FileVault policy from Intune, followed by the user uploading their personal recovery key to Intune. In addition to using Intune policy to encrypt a device with FileVault, you can deploy policy to a managed device to enable Intune to assume management of FileVault when the device was encrypted by the user.
After the key is escrowed, the disk encryption can start. First, the device is prepared to enable Intune to retrieve and back up the recovery key. Intune provides a built-in encryption report that presents details about the encryption status of devices, across all your managed devices.Īfter you create a policy to encrypt devices with FileVault, the policy is applied to devices in two stages.
#MAC RECOVERY KEY FILEVAULT WINDOWS#
To manage BitLocker for Windows 10/11, see Manage BitLocker policy. View the FileVault settings that are available in endpoint protection profiles for device configuration policy.
For more information about using a device configuration profile, see Create a device profile in Intune. FileVault settings are one of the available settings categories for macOS endpoint protection. View the FileVault settings that are available in profiles for disk encryption policy.ĭevice configuration profile for endpoint protection for macOS FileVault. The FileVault profile in Endpoint security is a focused group of settings that is dedicated to configuring FileVault. Use one of the following policy types to configure FileVault on your managed devices:Įndpoint security policy for macOS FileVault. You can use Intune to configure FileVault on devices that run macOS 10.13 or later. FileVault is a whole-disk encryption program that is included with macOS. Intune supports macOS FileVault disk encryption.
0 kommentar(er)
