Escrow Personal Recovery Key for Mac FileVault

Michelle Hendricks
expand collapsive

Configuration tweaked: FileVault for Mac.

What’s new in this update?

Encrypting your macOS devices using the Personal Recovery key generates an alphanumeric string that is unique to each system. This key is to be stored by the user as it is not recorded anywhere else. So, what happens if the user loses this key? Obviously, the decryption process cannot be processed and results in resetting the Mac machine.

But with the latest update, Hexnode provides an option to escrow the key for device safety.

Where can you configure this?

If you are encrypting the devices using any of the methods; ‘Personal Recovery Key’ or ‘Institutional and Personal Recovery Key’:

  1. Enable the option Escrow Personal Recovery Key under Policies > macOS > Security > FileVault.

    Configure FileVault to escrow personal recovery key

How does this work?

Enabling this option allows Hexnode to retrieve and back up the personal recovery key. You can either use Hexnode to automatically encrypt and decrypt the recovery key, or you can manually specify the encryption key by uploading the encryption certificate.

Have a look at escrowing personal recovery key to know more.

Cheers!
Michelle Hendricks
Hexnode UEM

All Replies

Be first to reply this topic