Pre-stage enrollment issue with 10.13.4. Popping up "SecureToken" window message after logging into AD for the first time.

@Johnny.Kim I had a similar issue but after logging in with an AD account without securetoken and enabling FileVault it will automatically assign SecureToken and encrypt the machine. Only other issue is that if you need to give the local admin account SecureToken the mobile account must be an admin account in order to do so. Standard accounts can not give other accounts securetoken

So i wanted to start testing 10.13.5 but for some reason I cant used DEP to enroll in Jamf using a Pre-Stage profile. It just hangs on trying to enroll. I contacted Jamf Support to see what the issue is.

@afarnsworth What OS verions and Jamf version? Also what is your "imaging" process?

The past year has been a great roller coaster ride with Apple and Jamf. It seems every time Apple changes something Jamf has to fix it, but in turn breaking something else, and we seem to be stuck in this circle.

-Peter

@McAwesome How do i import that into Jamf to create a profile to test?

I am seriously on my way to Windows machines in the near future. I am tired of fighting issues. I've worked in a Windows environment for close to 20 years so, yes, "I know what I am getting into". Macs are expensive, have to buy new adapters each time we upgrade (kind of like the iPhones, iPads, etc.) JAMF is expensive, etc. We are a school district and I am positive I can save us money going to Windows.

@McAwesome Or anyone else that could help, how do I create the plist for the configuration profile?

I'm still getting this pop-up, anyone ever find a good way to suppress it?

@brwnbn

Computer level config profile.
Preference domain: com.apple.MCX
Plist contents: {cachedaccounts.askForSecureTokenAuthBypass=true}

@cbrewer Thank you!