LogMeIn support sites no longer support Microsoft's Internet Explorer (IE) browser. Please use a supported browser to ensure all features perform as they should (Chrome / FireFox / Edge).

The GoTo support site no longer supports Safari 15. Please upgrade your browser to Safari 16 (or newer) or switch to a supported browser such as Google Chrome, Mozilla Firefox, or Microsoft Edge.

Simply secure and manage all devices. Discover LogMeIn Resolve Mobile Device Management.

We are currently experiencing an unplanned outage for this product.
  • Support
  • Products

    Explore support by product

    GoTo Connect

    All-in-one phone, meeting and messaging software

    GoTo Meeting

    Video and audio meeting software

    GoTo Webinar

    All-in-one webinar and virtual events software

    GoTo Room

    Conference room hardware

    GoTo Training

    Online training software

    OpenVoice

    Audio conferencing software

    Grasshopper

    Lightweight virtual phone system

    join.me

    Video conferencing software

    LogMeIn Resolve

    IT management & support

    LogMeIn Resolve MDM

    Mobile device management

    LogMeIn Pro

    Remote device access

    LogMeIn Central

    Remote monitoring & management

    LogMeIn Rescue

    Remote IT support

    GoToMyPC

    Remote desktop access

    GoToAssist

    Remote support software

    Hamachi

    Hosted VPN service

    RemotelyAnywhere

    On-prem remote access solution
  • Community
  • Service Status

  • Try the improved My Cases portal

    Easily manage your ticket, track its status, contact us from an existing case, and more.

    Sign in to try
  • Language selector icon Language selector icon
    • English
    • Français
    • Italiano
    • Deutsch
    • Español
    • Português
    • Nederlands
  • Contact Support
  • Service Status
  • User Avatar User Avatar
    • Support
    • Contact Support
    • Browse Products
    • Service Status
    • Community
    • Sign in
    • User Avatar
    • My Account
    • Personal Info
    • Sign In & Security
    • My Cases
    • Billing Center
    • https://link.goto.com/myaccount-billing
    • My GoTo Connect
    • My Meetings
    • My Webinars
    • My Trainings
    • My Conferences
    • My Resolutions
    • My Mobile Devices
    • My Sessions
    • My Sessions
    • My Incidents
    • Sign out
  • Device Platforms
  • iOS and macOS
  • macOS
  • Device Data and Configuration
product logo
Back button image Back
Back button image
product logo

Escrow the personal recovery key for the encrypted macOS device

Due to restrictions set by Apple, the escrowing personal recovery key with LogMeIn Resolve MDM works only during encryption. This means that escrowing the personal recovery key on an already encrypted macOS device requires some additional steps.

After deploying the FileVault configuration profile, access the encrypted macOS device and perform either one of the following:

  • Change the recovery key
  • Disable FileVault

You can find the detailed procedures in the following subsections.

Change the recovery key

Before you begin:
Note: You need to have administrator privileges to perform this procedure.
  1. Open the Terminal on the macOS device.
  2. Run the following command:
    sudo fdesetup changerecovery -personal
  3. Enter the username and password.

    Result: The new FileVault recovery key is shown.

  4. Log in to the LogMeIn Resolve MDM console.
  5. Select Devices, and after that select the device in question.
  6. From the Actions menu, select Sync now.

Disable FileVault

Before you begin:
Note: You need to have administrator privileges to perform this procedure.
  1. Open the Terminal on the macOS device.
  2. Run the following command:
    sudo fdesetup disable
  3. Enter the username and password.

    Alternatively, you can perform steps 1 – 3 also from the macOS settings: System settings > Privacy & Security > FileVault.

  4. Log out from the macOS device.
  5. Log in to the macOS device.

    FileVault is enabled automatically, and a new recovery key is generated. Wait for the process to complete.

  6. Log in to the LogMeIn Resolve MDM console.
  7. Select Devices, and after that select the device in question.
  8. From the Actions menu, select Sync now.

Results: With both options, the last step causes the new recovery key to be collected and stored to LogMeIn Resolve MDM.

Note: After selecting Sync now, it takes a while before the recovery key becomes visible.

Article last updated: 3 March, 2025

Need help?

Contact icon Contact support
Manage Cases icon Manage cases
Video icon Watch videos
  • Language selector icon Language selector icon
    • English
    • Français
    • Italiano
    • Deutsch
    • Español
    • Português
    • Nederlands
  • About Us
  • Terms of Service
  • Privacy Policy
  • Trademark
  • Do Not Sell or Share My Personal Info
  • Browse Products
  • Copyright © 2025 GoTo Group, Inc. All rights reserved

Collaboration Products

GoTo Connect

GoTo Meeting

GoTo Webinar

GoTo Training

join.me

Grasshopper

OpenVoice

Remote Solutions Products

GoTo Resolve

Rescue

GoToAssist

Access Products

Pro

Central

GoToMyPC