The instructions for creating institutional and personal recovery keys for FileVault through Meraki Systems Manager are extremely slim, so I'd really appreciate some specific help setting them up on a couple new MacBook Airs I'm deploying.

This page (the only Systems Manager instructions I can find on the topic) explains how to decrypt, but not how to encrypt. Instead, at the bottom of the page, it says "Feel free to reference these instructions from Apple as well." Does that mean we should follow Apple's instructions in place of any instructions from Meraki? Or just be aware of them as an alternative? If the former, how do we connect the institutional key from those instructions to Systems Manager? (If it matters, we're enrolled in Apple's DEP.)

If I'm setting these machines for deployment, should I create a profile that causes the user to skip the FileVault setup (because I would have already set that up), or that forces the user to follow it (in order to create his/her own additional individual key)?

Also, I'm a little unclear on the overall concept here -- does this approach mean the same institutional key can be used on any Mac set up this way? Or does it somehow create a separate one for each (which would seem to be a much more secure approach)? If the former, how does one go about setting up new Macs to use the same key once you have already created an institutional key? (I thought I had created one in the past, but can't seem to locate any instructions referencing the steps I was supposed to take. Maybe because this process changed from Sierra to High Sierra with the advent of APFS?)

Thanks for any assistance.