1. endpoint manager

Intune: macOS FileVault Recovery Key missing

If you are mainly concerned with security, you will quickly come into contact with the topic of device management. Microsoft Endpoint Manager (formerly Intune) is a cloud-based management solution with which macOS-based devices can be managed.

One of the first and most common tasks when implementing Device Management is to enable disk encryption - for macOS FileVault - by means of policy. The next time you restart your mac system, FileVault will automatically activate and the recovery key will be saved in Microsoft Endpoint Manager / Intune. This process is also called FileVault Recovery Key Escrow called. The FileVault Recovery Key can then be retrieved via the device profile in Microsoft Endpoint Manager / Intune.

If FileVault was already active on the macOS device, the recovery key is not displayed. The reason for this is that the recovery key is only deposited with the escrow provider during a rotation. However, applying the FileVault policy will not trigger a rotation. 

So we have the option of waiting for the next rotation to occur (configured in the FileVault policy) or we can do it ourselves. In the Endpoint Manager, however, the rotation can only be initiated manually if a recovery key is stored. If it is not, we must perform the rotation on the macOS device itself. 

With these steps you solve the problem:

  1. Open the terminal with a user who has administrator privileges
  2. Execute the following command:
    sudo fdesetup changerecovery -personal
  3. Enter the password of the currently logged in user
  4. Enter the user name of the currently logged in user
  5. Re-enter the password of the currently logged in user
  6. The new FileVault Recovery Key is displayed and automatically saved in Endpoint Manager
I hope this blog post has been helpful to you and I look forward to your comment! Sign up for my newsletter on the right to not miss any new posts about Azure Security and Automation 😀
Comments to: Intune: macOS FileVault Recovery Key missing

Your email address will not be published.

Attach images - Only PNG, JPG, JPEG and GIF are supported.

Subscribe now for latest information on Cloud Security & Automation

By subscribing you agree to our Datenschutzerklärung.

About me

Tobi is focusing for more than 15 years in Information Technology. After a successful exit of his Microsoft-focused hosting company, he helps SMBs to secure and automate their cloud environments.

en_USEnglish