FileVault disk encryption for macOS

Question 1

How many methods can you use to create and deploy FileVault disk encryption for macOS ?

Answer 1

2
* endpoint security policy for FileVault
* settings catalog policy for FileVault

Question 2

What are the steps to configure an endpoint security policy for FileVault ?

Answer 2

1. Endpoint security > Disk encryption > Create Policy
2. Platform: macOS
3. Profile: FileVault
4. Configuration settings page:
   Set Enable FileVault to Yes.
   For Recovery key type, only Personal Recovery Key is supported.
   Configure other settings to meet your requirements
5. Scope
6. Assignments

Question 3

What are the steps to configure a settings catalog policy for FileVault ?

Answer 3

1. Devices > By platform > macOS > Manage devices > Configuration > Create > New policy
2. Create a profile page, select Settings catalog for the Profile type
3. Name + Description
4. Configuration settings page: select + Add settings
   FileVault settings are located under the Full Disk Encryption category
5. FileVault > Configure the following:
   Enable - Set to On
   Defer - Set to Enabled
   FileVault Recovery Key Escrow > Location - Specify a description of the location where the recovery key is escrowed. This text is inserted into the message the user sees when enabling FileVault.
6. Scope
7. Assignments

Question 4

4

Where can end users retrieve their personal recovery key for FileVault on a macOS device?

Answer 4

From the following locations:
* Company Portal website
* iOS/iPadOS Company Portal app
* Android Company Portal app
* Intune app

Question 5

What steps should users follow on the Company Portal website to get their recovery key?

Answer 5

Select Devices > the encrypted and enrolled macOS device > Get recovery key.

Question 6

True or False: Users can retrieve their FileVault recovery key using any device.

Answer 6

True