We are integrating Jamf Connect with our environment. All our machines are FileVault enabled through policy. When Connect is deployed to vanilla OS installs, it launches as expected. Bootup is met with an Azure login as it should. However, when we deploy it to production machines in our environment with FileVault, the login is not replaced. If we disable FileVault on these target machines, Connect will replace the login screen. Once we turn FV back on, it does not display again. These machines are on both Mojave and HS.
It is not meant to replace the FileVault login screen; there is no way of modifying that login - it will always show all FileVault-enabled users. If you log out of these machines with FileVault on though, do you see Connect?
If you want to force people to always see the Connect Login, you can run
sudo defaults write /Library/Preferences/com.apple.loginwindow DisableFDEAutoLogin -bool YES
and that will force 2 logins, one for FileVault and then one for the OS.
Yes, FV happens before the login window (which is what Connect overlays). You cannot manipulate the FV login. You can turn FV off or have it like it is, no auto-pass through.
Macs with T2 chips have data encrypted at rest so you could not turn on FV and still have the drive encrypted.
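An added example, not part of any post in this thread: a shell check that reports which login sequence a Mac will present at boot, from the output of `fdesetup status` and the `DisableFDEAutoLogin` key mentioned above. The function name `classify_login` and its result strings are hypothetical.

```shell
#!/bin/sh
# Added example. classify_login and its result strings are hypothetical names.
#
# classify_login FV_STATUS_TEXT KEY_VALUE
#   FV_STATUS_TEXT  output of `fdesetup status`
#   KEY_VALUE       output of `defaults read ... DisableFDEAutoLogin`,
#                   empty when the key is not set
classify_login() {
    fv_text=$1
    key=$2

    case "$fv_text" in
        *"FileVault is On"*)  fv=on ;;
        *"FileVault is Off"*) fv=off ;;
        *) echo "unknown"; return 1 ;;
    esac

    # FileVault off: only the login window exists, which Connect overlays.
    if [ "$fv" = off ]; then
        echo "connect-only"
        return 0
    fi

    # FileVault on: the pre-boot unlock screen always comes first.
    # With DisableFDEAutoLogin set, the login window (Connect) follows it;
    # otherwise the FileVault credentials pass straight through to the session.
    case "$key" in
        1|YES|yes|true|TRUE) echo "filevault-then-connect" ;;
        *)                   echo "filevault-passthrough" ;;
    esac
}

# Run against the local machine only where the macOS tools are present.
if command -v fdesetup >/dev/null 2>&1; then
    fv_text=$(fdesetup status 2>/dev/null)
    key=$(defaults read /Library/Preferences/com.apple.loginwindow \
          DisableFDEAutoLogin 2>/dev/null || true)
    echo "login sequence: $(classify_login "$fv_text" "$key")"
fi
```
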