Corporate and Personal recovery is useful if the user will benefit from viewing and keeping a Personal Recovery Key, but the company will need a quick way to decrypt the device using a Corporate (Institutional) Recovery Key when necessary.

To encrypt a device using both Corporate and Personal Recovery Keys:

  1. Configure a new Disk Encryption profile
  2. Choose Personal & Corporate as the recovery type and configure the recovery key settings as needed.
  3. Configure a FileVault Master Keychain. For more information on creating a FileVault Master Keychain, please refer to the section below.
  1. Upload the FileVaultMaster.cer to the Disk Encryption profile to encrypt the assigned computers with your Corporate Recovery Key.

Once FileVault is enabled on the device, the Personal Recovery Key will be reported to the server.