We are having issues where Secure Token is not being assigned to the first user who logs in. (I THINK this started in mid-July, but am not 100% sure.) In fact, according to an extension attribute we use to see who has Secure Token, no one has Secure Token on the Macs in question. This has caused endless issues, including being unable to install macOS updates. This appears to be happening only on our faculty/staff machines, which are FileVault enabled. It does not appear to happen on our lab machines, which do not have FileVault enabled. I can't think of any changes we made in mid-July that would cause this issue.
Our Macs are bound to Active Directory (yes, I know, that's not recommended, but due to security software we use, such as Admin By Request, we must do so). The end user is the first person to log into the Mac. Our users are not admins on their machines, but can get admin privileges temporarily using Admin By Request.
Most of the Macs whose users don't have Secure Token are running macOS 14 (Sonoma), but we have a couple that are running macOS 13 (Ventura).
If anyone has an idea as to why this is happening, I'd love to hear your thoughts.