Blog Post

Microsoft Intune Blog
3 MIN READ

Microsoft Intune announces support for macOS FileVault disk encryption management

Mayunk_Jain's avatar
Mayunk_Jain
Icon for Microsoft rankMicrosoft
Jul 24, 2019
(This post is co-authored with Anya Novicheva, Program Manager, Microsoft 365)   Microsoft Intune is excited to announce support for FileVault full-disk encryption configuration on macOS devices....
Updated Apr 02, 2020
Version 2.0
Configuration Manager
microsoft intune
MaxM's avatar
MaxM
Brass Contributor
Aug 02, 2019

Thank you for this feature! It is an important one.

 

However, while it works correctly for me in the most basic configuration, I'm having trouble with the "Disable prompt at sign out" option.

 

With that option enabled the profile that is delivered to my Macs is invalid. The Mac log shows "FileVault payload contains invalid prompting information which cannot be resolved"

 

Also, the ShowRecoveryKey option as documented in the https://developer.apple.com/business/documentation/Configuration-Profile-Reference.pdf needs to be added (see com.apple.MCX.FileVault2 payload). Currently when FileVault is enabled the user is told to "save this recovery key and keep it in a safe place." In an enterprise scenario with key escrow in Intune we do not want the user encouraged to write the key down (and potentially store it with the Mac).

 

I have opened Premier Support cases on both of these items.