Intune has been updated to add support for macOS FileVault disk encryption, allowing you to increase the security of your Mac devices as you were already doing for your Windows devices with BitLocker.
This release includes:
- Personal recovery key rotation to help protect against unauthorized access using compromised keys. Intune administrators can rotate the personal recovery keys for company-managed encrypted Macs, and they may also configure how often the personal key is rotated.
- Personal key escrow, providing a secure location for both end users and administrators to access the personal recovery key for company-managed encrypted Macs.
To start using it, connect to your Azure portal (https://portal.azure.com) or Device Management portal (https://devicemanagement.microsoft.com) and go to the Device configuration\Profiles blade to create a new device profile as below:
- Platform: macOS
- Profile Type: Endpoint Protection
- Settings:
  - FileVault
As with BitLocker, administrators will be able to get the FileVault recovery key from the device properties (if the device is registered as a corporate device).