Question

Installing FileVault from policy on High Sierra.

  • November 9, 2017
  • 26 replies
  • 83 views

  • Honored Contributor
  • April 11, 2018

@rcorbin I'm just getting around to testing FV and so far it's working for me with 10.13.4.

Our prestage adds an admin account but skips all screens possible. We enable FV via a policy scoped to all computers that need FV that aren't already enabled. It's set to run at startup and checkin/ongoing. Policy is setting a disk encryption payload that requires FV2 at next login. Techs are prompted that FV must be enabled.

I confirmed our admin user that is created via prestage has a secure token via the sysadminctl command above. I tested logging in with an AD user, and I got the 10.13.4 securetoken prompt "Enter a securetoken administrator's name and password to allow this mobile account to login at startup time." The tech enters our admin account credentials and then that account can log in at startup. I confirmed this AD user has a securetoken & there's a FV recovery key in JSS. If the technician clicks bypass at that prompt, no securetoken is given and that user cannot log in at startup, but they can be enabled via the system prefs - security - FV screen.

FileVault does take such a long time to enable on APFS though, what a mess.
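
A way to script the secure token check described in the post above, as an added example that is not part of the original thread: it classifies the output of `sysadminctl -secureTokenStatus <user>` and flags any account without a token. The sample lines, the account names and the `token_state` / `audit_tokens` helpers are constructed for illustration, and the exact output wording is an assumption.

```shell
#!/bin/sh
# Added example: audit secure token status for accounts that must unlock FileVault.
# Assumption: `sysadminctl -secureTokenStatus <user>` prints a line ending in
# "Secure token is ENABLED|DISABLED for user <user>" (it writes to stderr).

# Constructed sample output; account names are made up. The last line models an
# account where the secure token prompt was bypassed.
SAMPLE_OUTPUT='2018-04-11 09:15:02.101 sysadminctl[611:4821] Secure token is ENABLED for user localadmin
2018-04-11 09:15:02.340 sysadminctl[612:4830] Secure token is ENABLED for user aduser1
2018-04-11 09:15:02.577 sysadminctl[613:4839] Secure token is DISABLED for user aduser2'

# token_state LINE -> prints enabled, disabled or unknown
token_state() {
    case "$1" in
        *"Secure token is ENABLED for user "*)  echo enabled ;;
        *"Secure token is DISABLED for user "*) echo disabled ;;
        *) echo unknown ;;
    esac
}

# audit_tokens: reads sysadminctl lines on stdin, prints "<user> <state>" per
# line, and returns 1 if any account is not confirmed enabled.
audit_tokens() {
    rc=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        state=$(token_state "$line")
        if [ "$state" = unknown ]; then
            user='?'
        else
            user=${line##* for user }
        fi
        echo "$user $state"
        [ "$state" = enabled ] || rc=1
    done
    return "$rc"
}

# Live use on a Mac: pass account names as arguments to this script.
if command -v sysadminctl >/dev/null 2>&1 && [ "$#" -gt 0 ]; then
    for u in "$@"; do sysadminctl -secureTokenStatus "$u" 2>&1; done | audit_tokens
fi
```

A non-zero exit from `audit_tokens` means at least one listed account will not be able to unlock the disk at startup until it is granted a token.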