Jamf Connect login not launching with FileVault

rpayne
Contributor II

We are integrating Jamf Connect with our environment. All our machines are FileVault enabled through policy. When Connect is deployed to vanilla OS installs, it launches as expected. Bootup is met with an Azure login as it should. However, when we deploy it to production machines in our environment with FileVault, the login is not replaced. If we disable FileVault on these target machines, Connect will replace the login screen. Once we turn FV back on, it does not display again. These machines are on both Mojave and HS.

Thoughts?

3 REPLIES

koalatee
Contributor II

It is not meant to replace the FileVault login screen; there is no way of modifying that login - it will always show all FileVault-enabled users. If you log out of these machines with FileVault on, though, do you see Connect?

If you want to force people to always see the Connect Login, you can run

sudo defaults write /Library/Preferences/com.apple.loginwindow DisableFDEAutoLogin -bool YES

and that will force 2 logins, one for FileVault and then one for the OS.
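
An added example, not part of the posts in this thread: a small check that reports which login screens a Mac will present at boot, based on the FileVault state and the DisableFDEAutoLogin key mentioned above. The function names and the output labels are hypothetical, chosen for this illustration.

```bash
#!/bin/sh
# Added example (not from the thread). Reports the boot-time login flow
# from FileVault status and the loginwindow DisableFDEAutoLogin key.
PLIST=/Library/Preferences/com.apple.loginwindow

# Pure decision function (hypothetical name).
#   $1 = text printed by `fdesetup status`
#   $2 = value of DisableFDEAutoLogin ("" when the key is not set)
boot_login_flow() {
    case "$1" in
        *"FileVault is On"*)
            case "$2" in
                # `defaults read` prints 1 for a boolean set with -bool YES
                1|YES|true) echo "filevault-then-loginwindow" ;;
                # Key unset or false: the FileVault unlock logs the user
                # straight in, so the login window overlay is skipped at boot.
                *) echo "filevault-passthrough" ;;
            esac ;;
        *"FileVault is Off"*)
            # No pre-boot unlock screen; the login window is the only prompt.
            echo "loginwindow-only" ;;
        *)
            echo "unknown" ;;
    esac
}

# Collects the two inputs from the local machine and classifies them.
report() {
    status=$(fdesetup status 2>/dev/null || true)
    # `defaults read` exits non-zero when the key is absent; treat as unset.
    pref=$(defaults read "$PLIST" DisableFDEAutoLogin 2>/dev/null || true)
    boot_login_flow "$status" "$pref"
}

# Only query the system on macOS, where fdesetup and defaults exist.
if [ "$(uname -s)" = "Darwin" ]; then
    report
fi
```

A result of filevault-passthrough on a FileVault-enabled Mac matches the behaviour described in the question: the Connect login is not shown at boot but appears after logging out.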

rpayne
Contributor II

I guess the question is, is Connect working if the login is not present at boot? Can we authorize the migrated user so the FileVault login isn't needed?

koalatee
Contributor II

Yes, FV happens before the login window (which is what Connect overlays). You cannot manipulate the FV login. You can turn FV off or have it like it is, no auto-pass through.

Macs with T2 chips have data encrypted at rest, so you could not turn on FV and still have the drive encrypted.

https://derflounder.wordpress.com/2018/01/08/secure-enclave-mac-ssd-hardware-encryption-and-the-futu...