Introduction #
This profile will require the enablement of FileVault encryption on OS and Fixed drives for macOS devices. The FileVault recovery keys will be backed up to Azure AD.
Requirements #
- The Device must be enrolled into Microsoft Endpoint Manager
Profile Settings #
Settings – Encryption
| Enable FileVault | Yes |
| Recovery key type | |
| Personal recovery key rotation | 6 months |
| Escrow location description of personal recovery key | To retrieve a lost or recently rotated recovery key 1. Sign into the Intune Company Portal website (portal.manage.microsoft.com) from any device. 2. In the portal, go to Devices and select the device that has FileVault enabled 3. Select Get recovery key. 4. The current recovery key is displayed. |
| Number of times allowed to bypass | 5 |
| Hide recovery key | Yes |
Assignments #
Users, Groups and Devices
| Includes | – All Users |
