Convert FileVault Institutional Key to Individual Key

New Contributor III

Anyone out there try converting an institutional key to an individual key with a policy? Our old Mac management tool had to use an institutional key for encrypting FileVault. I'd like to convert all of our existing devices to an individual key. Any info is appreciated!


Contributor III

I dont know about changing from institutional to an individual key, but you can certainly put a script together to remove the institutional key (you'd need the password for a filevault enabled user, I believe). Once thats done, you can have a config profile created and generate a new key and escrow to Jamf Pro.

The command should be fdesetup removerecovery -institutional. My scripting is not that great, or I'd attempt to write something for you