ES-DV02: Enable macOS Disk Encryption (FileVault)


This profile requires FileVault encryption to be enabled on OS and fixed drives for macOS devices. The FileVault recovery keys are backed up to Azure AD.


  • The device must be enrolled in Microsoft Endpoint Manager

Profile Settings

Settings – Encryption

Enable FileVault: Yes
Recovery key type:
Personal recovery key rotation: 6 months
Escrow location description of personal recovery key: To retrieve a lost or recently rotated recovery key
  1. Sign into the Intune Company Portal website (portal.manage.microsoft.com) from any device.
  2. In the portal, go to Devices and select the device that has FileVault enabled
  3. Select Get recovery key.
  4. The current recovery key is displayed.
Number of times allowed to bypass: 5
Hide recovery key: Yes


Users, Groups and Devices

Includes – All Users
