FileVault Key Escrow

  • August 10, 2021


Howdy Folks,

My machines already had FileVault2 enabled on them before they were enrolled in JAMF. I have now enrolled them through User-Based enrollment, but the personal FileVault keys are not being escrowed in JAMF. I have the config profile setup created and the policy in Self Service for them to create new keys, but I don't see any changes after what looks like a successful update. After looking at sudo fdesetup details, I show both a key for administrator and the logged-in user. All of our machines are on some version of Big Sur 11.3 or greater. Any assistance you can provide would be of great help.

2 replies

akw0045
  • August 10, 2021

Create a policy to change the FileVault key. This should record the new key in JAMF. 


DBrowning
  • August 11, 2021

@WTIAdmin Take a look over here. Because Jamf doesn't know about the existing key, you need to prompt users for their password in order to escrow a new key. The Policy payload for reissuing a new key will only work if Jamf knows a valid existing key.
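
The password-based rotation described in the last reply, as an added example that is not part of the thread or of the resource it links to: the user's password authorizes `fdesetup changerecovery`, and the script then checks that macOS staged the new key for escrow. It assumes the escrow configuration profile is already installed, that the password is supplied on stdin by whatever prompt you use, and that it runs as root; the function names are hypothetical.

```shell
#!/bin/bash
# Added example: rotate the FileVault personal recovery key so an installed
# escrow profile can capture the new one. Function names are hypothetical.

PRK_FILE="/var/db/FileVaultPRK.dat"   # where macOS stages the encrypted key for the MDM

# Escape characters that would break the XML plist (& is handled first).
xml_escape() {
    printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g'
}

# Build the plist that `fdesetup changerecovery -inputplist` reads on stdin.
build_input_plist() {
    local user pass
    user=$(xml_escape "$1")
    pass=$(xml_escape "$2")
    cat <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Username</key>
    <string>${user}</string>
    <key>Password</key>
    <string>${pass}</string>
</dict>
</plist>
EOF
}

# Rotate the key for a FileVault-enabled user; the password arrives on stdin, never in argv.
reissue_key() {
    local user="$1" pass before after
    IFS= read -r pass
    fdesetup list | grep -q "^${user}," || { echo "user is not FileVault-enabled" >&2; return 2; }
    before=$(stat -f %m "$PRK_FILE" 2>/dev/null || echo 0)
    # fdesetup prints the new key on stdout; discard it so it never lands in policy logs.
    build_input_plist "$user" "$pass" | fdesetup changerecovery -personal -inputplist >/dev/null || return 1
    after=$(stat -f %m "$PRK_FILE" 2>/dev/null || echo 0)
    # An unchanged file means no escrow profile was in effect when the key rotated.
    [ "$after" -gt "$before" ] || { echo "key changed but was not staged for escrow" >&2; return 3; }
}

# Only act when given a username on a Mac; otherwise the script is a no-op.
if [ -n "${1:-}" ] && command -v fdesetup >/dev/null 2>&1; then
    reissue_key "$1"
fi
```

The staged key reaches Jamf on a later inventory update, so the computer record may lag behind a successful run.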