More Linux resources. Our latest Linux articles. Protect external storage with this Linux encryption system. Use Linux Unified Key Setup to encrypt your thumb drives, external hard drives, and other storage from prying eyes. Seth Kenlon Red Hat. Encrypt your files with this open source software. VeraCrypt offers open source file-encryption with cross-platform capabilities. Topics Linux. Security and privacy. About the author.
He has worked in the film and computing industry, often at the same time. He is one of the maintainers of the Slackware-based multimedia production project Slackermedia. More about me. Select "Disk Utility" and click "Continue". Select startup disk in left-hand sidebar and click "Mount".
Enter recovery key in password field and click "Unlock". To unlock and boot a FileVault-encrypted startup disk: 1. Enter the recovery key. Click "Cancel" to permit login using alternate user credentials. Helpful Unhelpful 17 of 92 people found this page helpful. Subscribe This Article Category Knowledgebase. FileVault is a whole-disk encryption program that is included with macOS.
Endpoint security policy for macOS FileVault. The FileVault profile in Endpoint security is a focused group of settings that is dedicated to configuring FileVault. View the FileVault settings that are available in profiles for disk encryption policy.
Device configuration profile for endpoint protection for macOS FileVault. FileVault settings are one of the available settings categories for macOS endpoint protection.
For more information about using a device configuration profile, see Create a device profile in Intune. View the FileVault settings that are available in endpoint protection profiles for device configuration policy.
Intune provides a built-in encryption report that presents details about the encryption status of devices, across all your managed devices. After you create a policy to encrypt devices with FileVault, the policy is applied to devices in two stages. First, the device is prepared to enable Intune to retrieve and back up the recovery key. This action is referred to as escrow. After the key is escrowed, the disk encryption can start.
In addition to using Intune policy to encrypt a device with FileVault, you can deploy policy to a managed device to enable Intune to assume management of FileVault when the device was encrypted by the user. This scenario requires the device to receive FileVault policy from Intune, followed by the user uploading their personal recovery key to Intune. User-approved device enrollment is required for FileVault to work on a device.
The user must manually approve of the management profile from system preferences for enrollment to be considered user-approved. Following are the FileVault permissions, which are part of the Remote tasks category, and the built-in RBAC roles that grant the permission:. Sign in to the Microsoft Endpoint Manager admin center. On the Create a profile page, set the following options, and then click Create :. Name : Enter a descriptive name for the policy.
Name your policies so you can easily identify them later. For example, a good policy name might include the profile type and platform. Description : Enter a description for the policy.
This setting is optional, but recommended. On the Configuration settings page, select FileVault to expand the available settings:. For Escrow location description of personal recovery key , add a message to help guide users on how to retrieve the recovery key for their device. This information can be useful for your users when you use the setting for Personal recovery key rotation, which can automatically generate a new recovery key for a device periodically.
For example: To retrieve a lost or recently rotated recovery key, sign in to the Intune Company Portal website from any device. In the portal, go to Devices and select the device that has FileVault enabled, and then select Get recovery key. The current recovery key is displayed. Configure the remaining FileVault settings to meet your business needs, and then select Next. On the Scope Tags page, choose Select scope tags to open the Select tags pane to assign scope tags to the profile.
On the Assignments page, select the groups that will receive this profile.
0コメント