MacOS FileVault disk encryption management

Highlighted
Occasional Visitor

Hi Team,

I would like to know MacOS FileVault disk encryption profile via Intune would support only to corporate owned devices or personal owned mac devices. I have created profile and deployed on personal device, however it seems to be not working. I could not see recovery key in Intune and in company portal web. 

 

1 Reply
Highlighted

Hi @Ritesh1265,

 

FileVault encryption for macOS has some requirements:

 

User-approved device enrollment is required for FileVault to work on the device. The user must manually approve of the management profile from system preferences for enrollment to be considered user-approved.
https://docs.microsoft.com/en-us/intune/protect/encrypt-devices

 

User Approved enrollment

User Approved MDM enrollment is a type of macOS enrollment that you can use to manage certain security-sensitive settings. For more information, see Apple's support documentation.

During the BYOD enrollment process, the user will be asked to manually approve the Apple management profile. Instructions are provided in the Company Portal app for macOS. Although approval of the management profile is not required to complete enrollment, Intune recommends user approved enrollments. If the user does not approve the profile during enrollment, the user can go to System Preferences > Profiles, choose the management profile, and select Approve.

Find out if a device is User Approved

  1. Sign in to the Microsoft Endpoint Manager Admin Center.
  2. Choose Devices > All devices> choose the device > Hardware.
  3. Check the User approved enrollment field.

https://docs.microsoft.com/en-us/intune/enrollment/macos-enroll

 

best,

Oliver