Add option to set macOS FileVault ShowRecoveryKey to False
Currently when FileVault is enabled with an Intune configuration profile the user is shown the recovery key and instructed to "save this recovery key and keep it in a safe place."
This is undesirable as there is a chance the user may not store the key safely. Instead, the preference is to *not* show the recovery key to the user after FileVault is enabled. If the recovery key is later needed, the user can retrieve it from the Intune Company Portal website (or IT help desk).
To accomplish this the ShowRecoveryKey option in the com.apple.MCX.FileVault2 payload must be set to False.
From Apple docs: "ShowRecoveryKey: Set to false to not display the personal recovery key to the user after FileVault is enabled. Defaults to true."
I propose that this option be offered in the FileVault profile config in Intune.
See attachments for an example of the recovery key dialog that is currently shown to the user, and a mockup of the new proposed option in the profile config.
Apple's Configuration Profile Reference document:
Nathan Berger commented
Solid suggestion, wouldn't be too difficult to implement. I agree that the "You will not see this key again" prompt is pretty scary for users.
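The check implied by the request above, as an added example that is not part of the original thread or of Intune: a short Python audit that reads an unsigned `.mobileconfig` and reports the effective `ShowRecoveryKey` value for each `com.apple.MCX.FileVault2` payload, treating an absent key as true per the Apple text quoted in the post. The sample profile and its `com.example.*` identifiers are constructed placeholders.

```python
import plistlib

FV2_TYPE = "com.apple.MCX.FileVault2"

# Constructed sample profile (identifiers are placeholders, not from a real tenant).
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadIdentifier</key><string>com.example.filevault</string>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadType</key><string>com.apple.MCX.FileVault2</string>
      <key>PayloadIdentifier</key><string>com.example.filevault.hidden</string>
      <key>Enable</key><string>On</string>
      <key>ShowRecoveryKey</key><false/>
    </dict>
    <dict>
      <key>PayloadType</key><string>com.apple.MCX.FileVault2</string>
      <key>PayloadIdentifier</key><string>com.example.filevault.default</string>
      <key>Enable</key><string>On</string>
    </dict>
  </array>
</dict>
</plist>
"""

def audit_show_recovery_key(profile_bytes):
    """Return [(payload identifier, effective ShowRecoveryKey, explicitly set?)]."""
    profile = plistlib.loads(profile_bytes)
    findings = []
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != FV2_TYPE:
            continue
        explicit = "ShowRecoveryKey" in payload
        # An absent key means the default applies: the key is shown to the user.
        effective = bool(payload.get("ShowRecoveryKey", True))
        findings.append((payload.get("PayloadIdentifier", "?"), effective, explicit))
    return findings

def payloads_showing_key(profile_bytes):
    """Identifiers of FileVault payloads that would display the recovery key."""
    return [pid for pid, shown, _ in audit_show_recovery_key(profile_bytes) if shown]

if __name__ == "__main__":
    for pid, shown, explicit in audit_show_recovery_key(SAMPLE_PROFILE):
        print(f"{pid}: ShowRecoveryKey={shown} ({'explicit' if explicit else 'default'})")
```

A profile that has been signed must be unwrapped to its plist content before this parser can read it.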