I want to get a recovery key for an individual device. I went to Jamf resources and watched a video on how to get a recovery key, but I did not find this item in my management.
I have Filevault enabled in my configuration profile and I have Recovery Key Redirection enabled.
Please tell me what I need to configure so that I can watch the recovery keys just like in the video
When I enter management, I do not have an item with an Individual key
Question
Recovery Key Dont Work
+3
+14Is FileVault enabled in the device in question? If not, Jamf won't escrow a Recovery Key. If FileVault is enabled, has the Mac inventoried since it was enabled?
Finally, FileVault Recovery Keys are listed under Inventory > Disk Encryption. The video is five years old, and I assume the UI has changed since then.
+3Is FileVault enabled in the device in question? If not, Jamf won't escrow a Recovery Key. If FileVault is enabled, has the Mac inventoried since it was enabled?
Finally, FileVault Recovery Keys are listed under Inventory > Disk Encryption. The video is five years old, and I assume the UI has changed since then.
FileVault is enabled on the machine, when I go to the Inventory, I get Personal Recovery Key Validation:
Unknown and there is no individual recovery key
+14FileVault is enabled on the machine, when I go to the Inventory, I get Personal Recovery Key Validation:
Unknown and there is no individual recovery key
Create a targeted policy to issue a new FileVault Recovery key and update inventory on the Mac:
I have such a policy scoped to Macs with invalid recovery keys that attempts to rotate the key once a day until successful.
+23Was this computer setup with FileVault before it was enrolled or before you setup the FileVault encryption on your Jamf Pro server? If it was already setup with FileVault, Jamf Pro won't escrow the recovery key. This computer needs to have the FileVault setup initiated through your Jamf Pro server. You can just turn off FileVault and then set it up again using the policy and profile you setup in Jamf Pro.
Was this computer setup with FileVault before it was enrolled or before you setup the FileVault encryption on your Jamf Pro server? If it was already setup with FileVault, Jamf Pro won't escrow the recovery key. This computer needs to have the FileVault setup initiated through your Jamf Pro server. You can just turn off FileVault and then set it up again using the policy and profile you setup in Jamf Pro.
You might also want to look at this new utility:
https://netflixtechblog.com/escrow-buddy-an-open-source-tool-from-netflix-for-remediation-of-missing-filevault-keys-in-mdm-815aef5107cd
It allow you to re-escrow a FileVault key just by having the user login.
+3Create a targeted policy to issue a new FileVault Recovery key and update inventory on the Mac:
I have such a policy scoped to Macs with invalid recovery keys that attempts to rotate the key once a day until successful.
I have an error when i try to activate this policy
+3Was this computer setup with FileVault before it was enrolled or before you setup the FileVault encryption on your Jamf Pro server? If it was already setup with FileVault, Jamf Pro won't escrow the recovery key. This computer needs to have the FileVault setup initiated through your Jamf Pro server. You can just turn off FileVault and then set it up again using the policy and profile you setup in Jamf Pro.
it was activated by configuration profile after enrollment
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.