Skip to main content
Jamf Nation, hosted by Jamf, is the largest Apple IT management community in the world. Dialog with your fellow IT professionals, gain insight about Apple device deployments, share best practices and bounce ideas off each other. Join the conversation.
Posted: by mtaylor934
Downloads: 19


As of macOS High Sierra, users on an APFS volume are required to have a SecureToken in order to enable and disable FileVault encryption or unlock an encrypted disk. This EA is designed to reliably identify and report all users on macOS 10.13 and above that have a SecureToken. This is done using the diskutil binary rather than with the sysadminctl binary, as this has been known to report falsely in certain situations. The device must be running at least macOS 10.13.0 and the boot volume being APFS. If these criteria are not satisfied the EA will finish and report that the device was ineligible.


Generating Preview...