Can’t find FileVault recovery key in portal (Solved)

Participant
Discussion
4 days ago

Hey everyone, I was setting up FileVault for a few of our Macs, but I don’t see any recovery keys showing up in the Hexnode console. I thought the keys would automatically appear under the device details once encryption started. Am I missing something here?

Replies (4)

Participant
4 days ago

Hey Alex, we got into the same case. Can you check which recovery key type you selected in the FileVault policy? You need to check out the Escrow Personal Recovery Key option, but this option only shows when you choose Personal Recovery Key or Both Personal and Institutional Recovery Key. If you selected only the Institutional Recovery Key, Hexnode won’t escrow personal keys since it uses the organization’s encryption certificate instead.

Participant
4 days ago

Oh, I see. I just checked the policy and realized I selected the Institutional Recovery Key during setup. That explains why I’m not seeing the personal recovery keys stored in the Hexnode console. 

Participant
4 days ago

Exactly. The Institutional Recovery Key is meant for central management; it creates a single key for all devices instead of individual ones. That’s why you won’t see separate personal recovery keys in the console. It trips up a lot of admins the first time around.

Participant
4 days ago

Ah, that makes sense now. So basically, if I want to see the Escrow Personal Recovery Key option, I need to select either Personal Recovery Key or Both Personal and Institutional Recovery Key in my FileVault policy. That way, each device generates its own key, which is then escrowed into Hexnode. I understand the difference now. Thanks for clearing that up, guys!
