Enabling Personal as the recovery type will allow the user of the device to use a recovery key to decrypt their device. Additionally, that key can be reported to the AirWatch Console to allow administrators to use the key to decrypt the device if necessary.

Use Personal keys rather than Enterprise keys because AirWatch can audit access to these keys, since they are escrowed in the AirWatch Console. Also, Personal keys are beneficial because they are unique to each device. This means that the compromise of one key on one device does not compromise the security of other devices.

Once this profile is deployed to the device, the user will see a prompt from the AirWatch Agent taking them through the process of encrypting the disk. If configured, users may also be shown the recovery key to give them the option of saving it for later use. After a reboot, the device will begin the encryption process in the background and the user can continue their daily tasks normally without fear of interruption.