SOLVED
Home

Mac OS X disk encryption with Intune

%3CLINGO-SUB%20id%3D%22lingo-sub-52074%22%20slang%3D%22en-US%22%3EMac%20OS%20X%20disk%20encryption%20with%20Intune%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-52074%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20all%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20there%20a%20possibility%20to%20encrypt%20the%20disk%20(FileVault)%20of%20an%20Mac%20OS%20X%20device%20by%20using%20Intune%3F%20I%20read%20something%20about%20Apple%20Configurator%2C%20to%20create%20a%20profile%20and%20deploy%20it%20with%20Intune.%20But%20I%20cannot%20find%20information%20on%20how%20to%20setup%20such%20a%20profile%20for%20disk%20encryption.%20Anybody%20have%20a%20good%20article%20about%20this%3F%20Or%20another%20good%20solution%20to%20encrypt%20a%20harddisk%20on%20a%20Mac%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EPeter%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-52074%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EMobile%20Device%20Management%20(MDM)%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-52621%22%20slang%3D%22en-US%22%3ERe%3A%20Mac%20OS%20X%20disk%20encryption%20with%20Intune%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-52621%22%20slang%3D%22en-US%22%3E%3CP%3EThanks!%26nbsp%3BBut%20this%20guy%20is%20using%20Casper%2C%20I%60m%20looking%20for%20a%20solution%20based%20on%20intune%20(if%20possible).%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-52079%22%20slang%3D%22en-US%22%3ERe%3A%20Mac%20OS%20X%20disk%20encryption%20with%20Intune%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-52079%22%20slang%3D%22en-US%22%3E%3CP%3EThis%20look%20like%20somewhere%20to%20start%26nbsp%3B%3CSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fwww.johnkitzmiller.com%2Fblog%2Fhow-i-deploy-filevault-2%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fwww.johnkitzmiller.com%2Fblog%2Fhow-i-deploy-filevault-2%2F%3C%2FA%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3ESome%20offical%20apple%20documentation%20%3CA%20href%3D%22http%3A%2F%2Ftraining.apple.com%2Fpdf%2FWP_FileVault2.pdf%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttp%3A%2F%2Ftraining.apple.com%2Fpdf%2FWP_FileVault2.pdf%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHaven't%20done%20it%20myself%20so%20no%20experience.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-666187%22%20slang%3D%22en-US%22%3ERe%3A%20Mac%20OS%20X%20disk%20encryption%20with%20Intune%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-666187%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F3194%22%20target%3D%22_blank%22%3E%40Peter%20Klapwijk%3C%2FA%3E%26nbsp%3BThis%20feature%20is%20currently%20in%20development%20and%20is%20expected%20to%20be%20released%20this%20year.%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fmicrosoftintune.uservoice.com%2Fforums%2F291681-ideas%2Fsuggestions%2F32943412-enable-filevault-and-key-vaulting-for-osx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fmicrosoftintune.uservoice.com%2Fforums%2F291681-ideas%2Fsuggestions%2F32943412-enable-filevault-and-key-vaulting-for-osx%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fwww.microsoft.com%2Fen-au%2Fmicrosoft-365%2Froadmap%3Ffilters%3D%26amp%3Bsearchterms%3D51243%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fwww.microsoft.com%2Fen-au%2Fmicrosoft-365%2Froadmap%3Ffilters%3D%26amp%3Bsearchterms%3D51243%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3ETill%20such%20time%20you%20can%20use%20the%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fintune%2Fcompliance-policy-create-mac-os%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Emac%20device%20compliance%20policy%3C%2FA%3E%20and%20set%20the%20%22%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fintune%2Fcompliance-policy-create-mac-os%23encryption%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3EEncryption%20of%20data%20storage%20on%20a%20device%20to%20require%3C%2FA%3E%22.%20This%20will%20prevent%20users%20from%20storing%20company%20data%20on%20their%20device%20unless%20it%20is%20encrypted.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-694054%22%20slang%3D%22en-US%22%3ERe%3A%20Mac%20OS%20X%20disk%20encryption%20with%20Intune%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-694054%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F233734%22%20target%3D%22_blank%22%3E%40Pramiti%20Bhatnagar%3C%2FA%3E%26nbsp%3BOk!%20Better%20late%20than%20never%20%3B)%3C%2Fimg%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-766636%22%20slang%3D%22en-US%22%3ERe%3A%20Mac%20OS%20X%20disk%20encryption%20with%20Intune%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-766636%22%20slang%3D%22en-US%22%3E%3CP%20style%3D%22text-align%3A%20left%3B%22%3EIts%20released.%20Check%20this%20out%26nbsp%3B%3A)%3C%2Fimg%3E%3C%2FP%3E%0A%3CP%20style%3D%22text-align%3A%20left%3B%22%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fintune%2Fwhats-new%23manage-filevault-for-macos---%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fintune%2Fwhats-new%23manage-filevault-for-macos---%3C%2FA%3E%3C%2FP%3E%0A%3CP%20style%3D%22text-align%3A%20left%3B%22%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fintune%2Fencrypt-devices%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fintune%2Fencrypt-devices%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-767371%22%20slang%3D%22en-US%22%3ERe%3A%20Mac%20OS%20X%20disk%20encryption%20with%20Intune%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-767371%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F233734%22%20target%3D%22_blank%22%3E%40Pramiti%20Bhatnagar%3C%2FA%3E%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F3194%22%20target%3D%22_blank%22%3E%40Peter%20Klapwijk%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CBR%20%2F%3Eand%20my%20initial%20tests%20with%20the%20policy%20were%20successful%20%3Athumbs_up%3A%3C%2Fimg%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-center%22%20style%3D%22width%3A%20753px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F123998i31D0D99DA165C0EF%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22SNAG-0010.png%22%20title%3D%22SNAG-0010.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-769659%22%20slang%3D%22en-US%22%3ERe%3A%20Mac%20OS%20X%20disk%20encryption%20with%20Intune%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-769659%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F174439%22%20target%3D%22_blank%22%3E%40Oliver%20Kieselbach%3C%2FA%3E%26nbsp%3Bdo%20you%20know%20what%20will%20happen%20if%20I%20already%20have%20custom%20profile%20deployed%20to%20enforce%20Filevault%3F%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-769668%22%20slang%3D%22en-US%22%3ERe%3A%20Mac%20OS%20X%20disk%20encryption%20with%20Intune%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-769668%22%20slang%3D%22en-US%22%3E%3CP%3EHey%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F144823%22%20target%3D%22_blank%22%3E%40Alexander%20Vanyurikhin%3C%2FA%3E%2C%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3Ehonestly%20I%20don't%20know.%20I%20guess%20it%20could%20potentially%20conflict%20but%20don't%20know.%20I%20think%20you%20need%20to%20do%20some%20tests%20in%20a%20lab%20environment...%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%E2%9C%8C%20best%2C%3CBR%20%2F%3EOliver%3C%2FP%3E%3C%2FLINGO-BODY%3E
Peter Klapwijk
Regular Contributor

Hi all,

 

Is there a possibility to encrypt the disk (FileVault) of an Mac OS X device by using Intune? I read something about Apple Configurator, to create a profile and deploy it with Intune. But I cannot find information on how to setup such a profile for disk encryption. Anybody have a good article about this? Or another good solution to encrypt a harddisk on a Mac?

 

Thanks!

 

Peter

8 Replies

This look like somewhere to start https://www.johnkitzmiller.com/blog/how-i-deploy-filevault-2/

Some offical apple documentation http://training.apple.com/pdf/WP_FileVault2.pdf

 

Haven't done it myself so no experience.

Thanks! But this guy is using Casper, I`m looking for a solution based on intune (if possible).

Solution

@Peter Klapwijk This feature is currently in development and is expected to be released this year.

https://microsoftintune.uservoice.com/forums/291681-ideas/suggestions/32943412-enable-filevault-and-...

https://www.microsoft.com/en-au/microsoft-365/roadmap?filters=&searchterms=51243

 

Till such time you can use the mac device compliance policy and set the "Encryption of data storage on a device to require". This will prevent users from storing company data on their device unless it is encrypted.

@Pramiti Bhatnagar Ok! Better late than never ;)

@Pramiti Bhatnagar @Peter Klapwijk 


and my initial tests with the policy were successful :thumbs_up:

 

SNAG-0010.png

 

@Oliver Kieselbach do you know what will happen if I already have custom profile deployed to enforce Filevault? 

Hey @Alexander Vanyurikhin,

 

honestly I don't know. I guess it could potentially conflict but don't know. I think you need to do some tests in a lab environment...

 

✌ best,
Oliver

Related Conversations
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
Tabs and Dark Mode
cjc2112 in Discussions on
30 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
7 Replies