FileVault not applying properly on High Sierra Beta 10.3.2 (17C79a)

kniption
New Contributor II

Currently running JSS version=9.100.0-t1499435238

Applying disk encryption on next login via a policy. Individual Recovery Key, for current user or next user login is the encryption policy being applied. Testing on a single MacBook Pro Late 2015.

Policy applies successfully per JSS but never turns on FileVault for "Macintosh HD". Each login receives the message "Your administrator requires that you enable FileVault." MacBook is plugged into AC power so that is not the problem. Any thoughts?

4 REPLIES

emily
Valued Contributor III

10.13 support was introduced in 9.101, so I'm not sure you'd get the correct inventory information since FV2 reporting did change slightly for 10.13.

howie_isaacks
Valued Contributor II

I wonder if this is being caused by what is discussed in this thread. Hopefully the final version of 10.13.2 won't interfere with our configuration profiles.

kniption
New Contributor II

Sounds like I may have to go to 101, though JAMF told me 100 had full HS support but then recanted that to some degree.

Attempting to enable FV manually resulted in the following error message being displayed:

“Your computer is configured to escrow your FileVault recovery key using a mechanism that is no longer supported. Before enabling FileVault, remove the corresponding configuration profile or delete the ‘com.apple.security.FDERecovery’ preferences from /Library/Preferences/.”

emily
Valued Contributor III

10.13 requires a new FileVault 2 key redirection profile for the keys to be stored by an MDM:
http://docs.jamf.com/9.101.0/casper-suite/administrator-guide/Issuing_a_New_FileVault_2_Recovery_Key...

This payload is new as of 9.101, and would not be in 9.100. It must be configured and deployed to 10.13 machines for FV2 key redirection to work. The old payload will not redirect FV2 individual recovery keys from 10.13 machines.
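
A check for the condition described in this thread, added here as an example and not posted by any participant: it reports whether a Mac on 10.13 or later still carries the legacy 'com.apple.security.FDERecovery' preferences that the error message names. The function names are hypothetical, and the script assumes the preferences are stored as `com.apple.security.FDERecovery.plist` under /Library/Preferences/; it does not inspect installed configuration profiles.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.
# Assumption: the 'com.apple.security.FDERecovery' preferences named in the
# error message live in <prefs dir>/com.apple.security.FDERecovery.plist.

LEGACY_DOMAIN="com.apple.security.FDERecovery"

# Succeeds when a macOS version string (e.g. 10.13.2) is 10.13 or later,
# i.e. when the old key redirection payload no longer works.
needs_new_escrow() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    case "$major" in ''|*[!0-9]*) return 1 ;; esac   # unparseable version
    case "$minor" in ''|*[!0-9]*) minor=0 ;; esac
    [ "$major" -gt 10 ] && return 0
    [ "$major" -eq 10 ] && [ "$minor" -ge 13 ]
}

# Prints one state for the given OS version and preferences directory:
#   not-applicable        - OS older than 10.13
#   legacy-escrow-present - legacy preferences file found, FileVault will refuse
#   clean                 - no legacy preferences file found
legacy_escrow_state() {
    version=$1
    prefs_dir=${2:-/Library/Preferences}
    if ! needs_new_escrow "$version"; then
        echo "not-applicable"
    elif [ -e "$prefs_dir/$LEGACY_DOMAIN.plist" ]; then
        echo "legacy-escrow-present"
    else
        echo "clean"
    fi
}

# On a Mac, print the state wrapped in <result> tags, the form a Jamf
# extension attribute script returns. Skipped where sw_vers is absent.
if command -v sw_vers >/dev/null 2>&1; then
    echo "<result>$(legacy_escrow_state "$(sw_vers -productVersion)")</result>"
fi
```

Machines that report `legacy-escrow-present` are the ones that need the old payload or preferences removed before the new key redirection profile can take effect.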