On FileVault-enabled Macs, disk encryption is tied directly to the user password. If the password is lost, recovery relies on a recovery key. Apple supports two key models: the personal recovery key (PRK) and the institutional recovery key (IRK). The PRK is unique per device and can be escrowed securely to an MDM solution. If a user forgets the password, the IT administrator can retrieve the PRK from MDM and provide it to the user to unlock the Mac. Apple strongly recommends escrowing PRKs in enterprise deployments so that encrypted Macs remain recoverable without requiring device erasure.
[References: Apple Platform Security — “FileVault”; Apple Platform Deployment — “Manage FileVault with MDM.”]