The Recovery Key feature in SureMDM helps administrators securely retrieve or generate the FileVault recovery key for managed macOS devices. This recovery key can be used to regain access to a device in case the user forgets the login password.
Purpose
The purpose of this article is to provide the steps to generate or retrieve the recovery key for macOS devices from the SureMDM Console.
Prerequisites
- Active SureMDM Account having Super User access.
- The macOS device is enrolled in SureMDM.
- The device is online and actively syncing with the SureMDM server.
- FileVault encryption is enabled on the macOS device.
Steps
- Login to SureMDM Console.
- Navigate to Profiles > macOS > New Profile > Choose Device Enrollment and Automated Device Enrollment > Security > FileVault Policy > Enable FileVault > Enable “Override User Configured FileVault Settings”.
- Choose the “Override Method for User Configured FileVault settings”:
Preferred method would either be “Use Admin Credentials” OR “Use Service Account”:
- Use Admin Credentials: If an admin account apart from the local/standard account is configured on all the enrolled macOS devices which has the same username and password, this method can be used.
- Use Service Account: If SureMDM Agent Service account is configured on all macOS devices, then this method can be used.
Note: If a default profile is already configured, the above settings can be configured within the same profile.
- Once after all the required configurations are made, save the profile and deploy it on your devices.
- Refresh/reboot the device. Once the device is refreshed/rebooted the Recovery key will be fetched on the SureMDM Console:
Conclusion
Using the Recovery Key feature in SureMDM allows administrators to securely retrieve FileVault recovery keys for managed macOS devices. This helps ensure continued access to encrypted devices while maintaining device security and compliance.
Need more help? Here’s how to get help from our experts.