Installing and Using Native Encryption Management

Native Encryption Management replaces Full Disk Encryption.

How to manage user acquisitions of mobile accounts using Full Disk Encryption on macOS 10.13 or later: sk122674.

SmartEndpoint Settings for Native Encryption Management

Only these settings can be used to manage the Native Encryption Management feature on the client:

  • Recovery

    • Full Disk Encryption - Native Encryption Recovery Media.

    • Full Disk Encryption - Native Encryption Remote Help.

  • User Acquisition

    • Full Disk Encryption - Pre-boot enforcement will begin after the acquisition process has acquired X user(s).

  • Volume Encryption

    • Only protection of the system volume is supported.

  • Deployment

    • Download Mac Client - select the Full Disk Encryption feature.

Password Reset and Data Recovery

You can help users recover FileVault-encrypted data if they can't log in to their Mac.

You can help users recover their data or reset their password using a personal recovery key that is unique to the client computer. Resetting the password can be done remotely.

Password Reset Using a Personal Key

If a user forgets the login password, the administrator can send a personal recovery key to the remote user, to allow them to log in. The key is a string of letters and numbers separated by dashes.

  1. Find the serial number of the locked device. It is usually printed on the back of the device.

  2. Give the serial number to the support representative.

  1. Get the serial number of the locked device from the user.

  2. In SmartEndpoint, select Users and Computers.

  3. In Global Actions, click Native Encryption Recovery Media.

  4. In the Native Encryption Remote Help window, type the Serial Number.

  5. Click Get Recovery Key.

  6. Give the recovery key to the user.

  1. Get the Recovery Key from the support representative.

  2. Restart the Mac.

  3. In the FileVault pre-boot screen, click the ? button.

    A message shows: If you forgot your password you can reset it using your Recovery Key.

  4. Type the Recovery Key, and click ->.

    progress bar shows.

  5. For Local Users:

    1. In the Reset Password window, the user enters a new password, and optionally, a password hint.

    2. Click Reset Password.

How to update the Personal Recovery Key (PRK) for Native Encryption Management FileVault, see sk138352.