This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Tech Community.

We were recently alerted that some devices are failing to rotate their FileVault recovery key. There are three paths to rotating the FileVault recovery key for macOS in the Microsoft Endpoint Manager admin center: using the ‘Rotate FileVault recovery key’ device action, uploading a recovery key to the Company Portal website, or using the ‘Personal recovery key rotation’ setting.

If you're experiencing issues with any of these methods, users can manually rotate and store their recovery key by running this command line tool with their password:

Use ‘Rotate FileVault recovery key’ device action

The ‘Rotate FileVault recovery key’ device action is found under Devices > Overview.

A macOS device in the Microsoft Endpoint Manager admin center - Devices blade.

The following error may occur after selecting this action:

Example screenshot of a failed Rotate FileVault recovery key action on a macOS device in the Microsoft Endpoint Manager admin center.

Upload FileVault recovery key to the Company Portal website

The FileVault recovery key can also be rotated when a user uploads their current recovery key to the Company Portal website. This is found under > Devices > Store Recovery Key:

Store recovery key example from a macOS device in the Company Portal website.

After saving this, the following error may occur:

Example screenshot of a failed Rotate FileVault recovery key action on a macOS device on the Company Portal website.

As a result of this error, the key will not rotate and will still be valid; however, the key will not be stored in Intune until the command line tool provided above is run. The Company Portal will still contain the valid key.

The ‘Personal recovery key rotation’ setting is configured under Device configuration - Profiles > Endpoint protection > FileVault:

Screenshot of a macOS Endpoint protection policy with FileVault policy settings enabled in the Microsoft Endpoint Manager admin center.

When a device is targeted by this profile and fails to rotate its recovery key, you’ll see the following error:

Example error in the Microsoft Endpoint Manager admin center when a macOS device fails to rotate its recovery key.

When this error occurs, the recovery key will not rotate and will still be valid.

Apple is aware of the issue, but we don’t have any updates on timeline for any changes. As mentioned above, in the interim, users can manually rotate and store their recovery key by running this macOS command line tool with their password: