Does FileVault work with Intune??
Sep 1, 2023 9:30 PM

Does FileVault work with Intune??

by HubSite 365 about Dean Ellerby [MVP]

Microsoft MVP (Enterprise Mobility, Security) - MCT

Pro UserIntuneLearning Selection

After configuring the FileVault profile in Intune, I take a look at what happens on my device. Does it even work?

Intune, a Microsoft service, is compatible with FileVault, a whole-disk encryption program included with macOS. Through Intune, FileVault can be configured on devices running macOS 10.13 or later using either the Endpoint security policy or the Device configuration profile. Endpoint security settings are dedicated exclusively to configuring FileVault while the FileVault settings are part of the macOS endpoint protection options for Device configuration.

  • FileVault, integral to Intune, prepares the device for encryption by enabling Intune to backup and recover the key (escrow).
  • Once the key is escrowed, disk encryption commences.
  • Intune policies can additionally allow Intune to manage a user-encrypted device through FileVault.
  • To this end, the device must receive FileVault policy from Intune and the user must upload their personal recovery key.

To manage FileVault with Intune, user-approved device enrollment is critical. The management profile must be manually accepted from system preferences for enrollment to be user-approved. Lastly, account permissions are needed to manage FileVault in Intune.

Mac FileVault via Microsoft Intune

FileVault is an effective measure for data security. Working with Intune, it enables strict yet flexible control of device encryption based on policies. If engraved correctly by the user, the service will assume management of FileVault, providing a shared responsibility model. Intune also offers a built-in encryption report, showcasing the encryption status across all managed devices, further ensuring data safety.

Learn about Does FileVault work with Intune??


Microsoft Intune provides support for macOS FileVault disk encryption. It enables administrators to configure FileVault on managed devices running macOS 10.13 or later. With Intune, users can create either a device configuration policy or an endpoint security policy to manage FileVault. After the policy is created, the device is prepared for Intune to retrieve and backup the recovery key. This process is known as escrow. Following the escrow, the disk encryption can begin. In addition, Intune allows administrators to deploy policies that enable them to take management of FileVault even when it has been encrypted by the user. For this to work, the user must upload their personal recovery key to Intune and approve the management profile from the system preferences. To manage FileVault in Intune, the account must have the appropriate Intune role-based access control.

More links on about Does FileVault work with Intune??

Configure FileVault Encryption For MacOS Devices Using ...
Jan 17, 2023 — On the left sidebar, select Endpoint security > under Manage, select Disk encryption. · The list of existing profiles will reflect on the right ...
Activate Mac FileVault using Intune
Aug 17, 2022 — Activate Mac FileVault using Intune ... Encrypting the disk of a workspace is one of the basic settings that every managed device should have.
Configure macOS FileVault with Microsoft Intune
Aug 15, 2019 — The key can be found by looking up the device in the Device Management Portal under Devices, All devices. On the Recovery keys tab you can click ...
IntuneDocs/intune/protect/ at main
FileVault is a whole-disk encryption program that is included with macOS. You can use Intune to configure FileVault on devices that run macOS 10.13 or later. To ...
Configure FileVault disk encryption on macOS devices
Jun 3, 2021 — FileVault is used to encrypt data on Mac devices using a login password as an encryption passphrase. Its current implementation/version, ...
Enabling FileVault in Intune - Nverse Lab
Mar 26, 2021 — Create a new Configuration Profile for MacOS and set Enable FileVault to Yes. · Once deployed, FileVault will begin to encrypt after the next ...
Intune can't enable FileVault on Big Sur
Apr 30, 2021 — Enable FileVault: Yes · Personal Recovery Key rotation: 3 months · Escrow location description of personal recovery key: "In your account" · Number ...
Intune: macOS FileVault Recovery Key is missing -
Dec 2, 2020 — Intune: macOS FileVault Recovery Key missing · Open the terminal with a user who has administrator privileges · Execute the following command:.


FileVault, disk encryption, macOS, Intune, BitLocker, Windows 10/11