Microsoft Intune announced support for FileVault on macOS devices.
Intune will limit access on macOS startup disks
FileVault full-disk encryption, known as FileVault 2, is a software solution that prevents unauthorised access to the info on macOS startup disks.
With the freshly announced support, Intune administrators will make sure that no one will have access to startup disks on macOS without a password.
Also, Intune admins will be able to recover personal keys for users on corporate devices directly from the Intune console, as stated by Microsoft officials in a blog post:
The end user may use the Microsoft Intune Company Portal website on any device to access their personal recovery key. Once they login to the web Company Portal, they can select their FileVault enabled macOS device from the device thumbnails, and click on Get recovery key. If the macOS device isn’t encrypted or it was encrypted prior to enrollment, they will not see a personal recovery key.
Microsoft Intune administrators will have more options
Here are the official release features:
- Personal recovery key rotation to help protect against unauthorized access using compromised keys. Intune administrators can rotate the personal recovery keys for company-managed encrypted Macs, and they may also configure how often to rotate the personal key.
- Personal key escrow, providing a secure location for both end users and administrators to access the personal recovery key for company-managed encrypted Macs.
This new development is part of a bigger process that simplifies macOS management with the help of Microsoft Intune.
Intune administrators will be able to secure Apple FileVault encryption, mobile device encryption, and Windows BitLocker from a single place.