Institutional and Personal recovery is useful if the user will benefit from viewing and keeping a Personal Recovery Key, but the company will need a quick way to decrypt the device using a Institutional Recovery Key when necessary.
Procedure
- Configure a new Disk Encryption profile.
- Choose Personal & Institutional as the recovery type and configure the recovery key settings as needed.
- Configure a FileVault Master Keychain. For more information, see the Configure a FileVault Institutional Recovery key section.
- Upload the FileVaultMaster.cer to the Disk Encryption profile to encrypt the assigned computers with your Institutional Recovery Key
