Posted on 03-26-2019 09:15 AM
We are integrating Jamf Connect with our environment. All our machines are FileVault enabled through policy. When Connect is deployed to vanilla OS installs, it launches as expected. Bootup is met with an Azure login as it should. However, when we deploy it to production machines in our environment with FileVault, the login is not replaced. If we disable FileVault on these target machines, Connect will replace the login screen. Once we turn FV back on, it does not display again. These machines are on both Mojave and HS.
Thoughts?
Posted on 03-26-2019 09:49 AM
It is not meant to replace the FileVault login screen; there is no way of modifying that login - it will always show all FileVault enabled users. If you log out of these machines with FileVault on though, do you see Connect?
If you want to force people to always see the Connect Login, you can run
sudo defaults write /Library/Preferences/com.apple.loginwindow DisableFDEAutoLogin -bool YES
and that will force 2 logins, one for FileVault and then one for the OS.
Posted on 03-26-2019 09:55 AM
I guess the question is, is Connect working if the login is not present at boot? Can we authorize the migrated user so the FileVault login isn't needed?
Posted on 03-27-2019 04:48 PM
Yes, FV happens before the login window (which is what Connect overlays). You cannot manipulate the FV login. You can turn FV off or have it like it is, no auto-pass through.
Macs with T2 chips have data encrypted at rest so you could not turn on FV and still have the drive encrypted.