The use of an institutional recovery key requires you to create a FileVault master keychain with a macOS computer. In the following picture, you see how the personal key is shown to the device user. Notice that it is the device user's responsibility to store the personal recovery key in a safe location. The user always sees the personal recovery key. Show personal recovery keyĭefines whether the personal recovery key is shown to the device user after the FileVault has been activated. It is possible to use both recovery keys, which means that an encrypted disk can be unlocked using either a personal or institutional recovery key. In this case, the administrator is responsible for keeping the recovery key stored in a safe location. Organizations can use the institutional key to unlock any macOS computer's disk that has been encrypted with a certificate generated from the same keychain (See Institutional recovery key section below). The device's user is responsible for storing the recovery key. The personal recovery key is device-specific and will be generated automatically at the target device when the encryption is enabled. Proceed with Next when you're done.Ĭhoose whether you want to use personal, institutional, or both types of recovery keys for unlocking encrypted files.
Miradore's FileVault configuration profile is compatible with devices running macOS 10.9 or higher.
#HOW DO I GET A RECOVERY KEY FOR MAC HOW TO#
How to check FileVault status on a macOS device.Reporting: which devices have FileVault enabled?.Steps to enforcing FileVault activation on macOS devices.