title: FileVault encryption protects data on macOS devices
ms.author: brenduns
author: brenduns
ms.topic: include
ms.date: 09/16/2025
ms.custom: Intune-Secure-Recommendation

Without properly configured and assigned FileVault encryption policies in Intune, threat actors can exploit physical access to unmanaged or misconfigured macOS devices to extract sensitive corporate data. Unencrypted devices allow attackers to bypass operating system-level security by booting from external media or removing the storage drive. These attacks can expose credentials, certificates, and cached authentication tokens, enabling privilege escalation and lateral movement. Additionally, unencrypted devices undermine compliance with data protection regulations and increase the risk of reputational damage and financial penalties in the event of a breach.

Enforcing FileVault encryption protects data at rest on macOS devices, even if lost or stolen. It disrupts credential harvesting and lateral movement, supports regulatory compliance, and aligns with Zero Trust principles of device trust.

Remediation action

Use Intune to enforce FileVault encryption and monitor compliance on all managed macOS devices: