Tuesday 14 November 2023

macOS management with Intune - FileVault encryption


FileVault is full-disk encryption that is included with macOS. With Intune you can deploy policies that configure FileVault, and then manage recovery keys on devices that run macOS 10.13 or later. There are two methods of configuring FileVault policies with Intune.

  • Option 1: Endpoint Security > Disk encryption
  • Option 2: Device configuration profile for endpoint protection

I've chosen option 2.


First, on the test device, have a look at System Preferences > Security and Privacy.


We can see that FileVault is not turned on.


In Intune, click on the test macOS device. We can see the Recovery keys option. We're told that we can only view recovery keys on corporate devices.

The test device is not currently categorized as corporate.


I need to change that.


On the test macOS device I get a notification in the Company Portal app and can see that the ownership type of the device has changed from personal to corporate.


It's reflected in the Intune portal also. Now we're in business.


Time for the profile. Click on Devices > macOS > Configuration profiles and click Create. Choose Templates as the Profile type and select Endpoint protection. Click Next.


Enter a profile name and click Next.


Select your options. Here I'm just enabling FileVault and entering a message. Click Next.


Assign to a group of macOS devices. Click Next.


Review your choices and click Create.


On the device I'm prompted to enter my password in order to enable FileVault.


FileVault is enabling.


We're presented with the recovery key and told to keep it safe. Don't worry about me sharing this. It's a test device and this key is no longer valid.


We can also see the recovery key in the Intune portal.


FileVault is turned on and the device is encrypting. This can take a while.


The device is fully encrypted.
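If you'd rather not rely on the screenshots to know where a device is in this process, here's an added example (not part of the original post) that reads the output of Apple's `fdesetup status` command on the Mac and reduces it to one state word: on, encrypting with a percentage, off, or deferred. The sample outputs embedded in the script are constructed, not captured from the test device.

```shell
#!/bin/sh
# Added example: classify FileVault state from `fdesetup status` output so an
# admin can confirm the Intune-pushed profile actually took effect on the Mac.

# classify_fv_status: reads `fdesetup status` text on stdin and prints one of
#   on | encrypting:<percent> | off | deferred | unknown
# "Encryption in progress" is checked first because that output also contains
# "FileVault is On", and "Deferred enablement" also reports "FileVault is Off".
classify_fv_status() {
  _out=$(cat)
  case "$_out" in
    *"Encryption in progress"*)
      _pct=$(printf '%s\n' "$_out" | sed -n 's/.*Percent completed = \([0-9]*\).*/\1/p')
      printf 'encrypting:%s\n' "${_pct:-?}" ;;
    *"Deferred enablement"*) printf 'deferred\n' ;;
    *"FileVault is On"*)      printf 'on\n' ;;
    *"FileVault is Off"*)     printf 'off\n' ;;
    *)                        printf 'unknown\n' ;;
  esac
}

# check_device: runs the real command when it exists (macOS); on any other
# system it reports "unknown" instead of failing.
check_device() {
  if command -v fdesetup >/dev/null 2>&1; then
    fdesetup status | classify_fv_status
  else
    printf 'unknown\n'
  fi
}

# Constructed sample outputs (assumed to follow fdesetup's usual wording).
SAMPLE_ENCRYPTING='FileVault is On.
Encryption in progress: Percent completed = 37.'
SAMPLE_OFF='FileVault is Off.'

# Usage: classify the constructed samples, then the machine this runs on.
printf '%s\n' "$SAMPLE_ENCRYPTING" | classify_fv_status
printf '%s\n' "$SAMPLE_OFF" | classify_fv_status
check_device
```

A result of "encrypting:<n>" matches the "this can take a while" stage above; only "on" with no progress line means the disk is fully encrypted.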
