You can select the default of Not configured, or a value of 1 to 12 months.Ĭhoose to hide the personal key from a device user during FileVault 2 encryption. Specify how frequently the personal recovery key for a device will rotate. This text is inserted into the message the user sees on their sign in screen when prompted to enter their personal recovery key if a password is forgotten. Specify a short message to the user that explains how and where they can retrieve their personal recovery key. When Enable FileVault is set to Yes, a personal recovery key is generated for the device during encryption and the following settings apply to that key:Įscrow location description of personal recovery key
You can enable Full Disk Encryption using XTS-AES 128 with FileVault on devices that run macOS 10.13 and later. As of macOS 10.15, FileVault configuration requires user approved MDM enrollment.
