IT and security teams have approached this problem from a number of angles in the past. On a per-computer basis, a new key can be generated by disabling and re-enabling FileVault, but this leaves the computer in an unencrypted state briefly and requires multiple steps. The built-in fdesetup command line tool can also be used to generate a new key, but not all users are comfortable entering Terminal commands. Plus, neither of these ideas scales to meet the needs of a fleet of Macs hundreds or thousands strong.
Another approach has been to use a tool capable of displaying an onscreen text input field to the user in order to show a password prompt, and then pass the provided password as input to the fdesetup tool for generating a new key. However, this requires IT and security teams to communicate with affected users in advance of the remediation campaign, in order to give them the context they need to respond to the additional password prompt. Even more concerning, this password prompt approach has a negative effect on security culture because it contributes to “consent fatigue.” Users will be more likely to approve other kinds of password prompt, which may inadvertently prime them to be targeted by malware or ransomware.
The ideal solution would be one that can be automated across your entire fleet while not requiring any additional user interaction.