10.13.5 - Anyone ever get FileVault2 Deferred Enrollment working with Mobile Accounts on APFS?

UESCDurandal
Contributor II

I'd love to go back to the Sierra days when I could initiate FV2 deferred enablement for AD mobile accounts and call it a day. Here's what I've tried so far.

  1. Use the local admin user that already has a SecureToken (created by PreStage Enrollment as the additional admin account) to run the following
    sudo /System/Library/CoreServices/ManagedClient.app/Contents/Resources/createmobileaccount -n [ADUSERNAME] -a [SecureTokenAdminName] -U [SecureTokenAdminPassword]
    sudo sysadminctl -secureTokenStatus [ADUSERNAME]
    Verify that "Secure token is ENABLED for user [ADUSERNAME]"
  2. Log in to the AD mobile account user
  3. Run a Jamf policy to perform FV2 deferred enablement at either login or logout
  4. Log out or log in: the FV2 enablement dialog box does appear, but encryption does not begin

Running 'fdesetup status' continues to show

FileVault is Off. Deferred enablement appears to be active for user [ADUSERNAME]

m3ir
New Contributor III

Hi,

Run the command: sudo fdesetup disable (it should remove the /Library/Preferences/com.apple.fdesetup.plist file; if not, delete it manually).
Restart and try running FV2 again.
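As an added example (not code from the thread, from Jamf or from Apple), here is a pre-flight script that covers both the original post's procedure and the reply: it classifies the output of the two commands the post uses, sysadminctl -secureTokenStatus and fdesetup status, and reports whether the /Library/Preferences/com.apple.fdesetup.plist file the reply says fdesetup disable should remove is still present. It only reports; it deletes nothing. The parsing lives in functions that take the command output as a string, so they can be checked offline with constructed sample output. The exact wording of the fdesetup deferred-enablement line, the timestamp prefix sysadminctl prints, and the script name fv2-preflight.sh are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Pre-flight checks for FV2 deferred
# enablement of a mobile account: does the user hold a SecureToken, what does
# fdesetup report, and is the com.apple.fdesetup.plist file (which the reply
# says "fdesetup disable" should remove) still present?
# The parsers take command output as a string so they can be run anywhere.

FDESETUP_PLIST=/Library/Preferences/com.apple.fdesetup.plist   # path taken from the reply

# Classify `sysadminctl -secureTokenStatus <user>` output (it is written to stderr).
# Prints: enabled | disabled | unknown
secure_token_state() {
  case "$1" in
    *"Secure token is ENABLED for user"*)  printf 'enabled\n' ;;
    *"Secure token is DISABLED for user"*) printf 'disabled\n' ;;
    *)                                     printf 'unknown\n' ;;
  esac
}

# Classify `fdesetup status` output.
# Prints: on | off | off-deferred:<user> | unknown
fv_state() {
  case "$1" in
    *"FileVault is On"*) printf 'on\n' ;;
    *"Deferred enablement appears to be active for user"*)
      # pull the user name out of the deferred-enablement line (assumed message format)
      user=$(printf '%s\n' "$1" |
        sed -n 's/.*Deferred enablement appears to be active for user \([^ .]*\).*/\1/p' |
        head -n 1)
      printf 'off-deferred:%s\n' "$user" ;;
    *"FileVault is Off"*) printf 'off\n' ;;
    *) printf 'unknown\n' ;;
  esac
}

# Run the real checks on a Mac. Returns 0 when nothing stands out,
# 1 when something needs attention (details on stdout). Nothing is modified.
preflight() {
  user="$1"
  if ! command -v sysadminctl >/dev/null 2>&1 || ! command -v fdesetup >/dev/null 2>&1; then
    echo "sysadminctl/fdesetup not found; run this on macOS"
    return 1
  fi
  rc=0

  tok=$(secure_token_state "$(sysadminctl -secureTokenStatus "$user" 2>&1)")
  echo "SecureToken for $user: $tok"
  [ "$tok" = enabled ] || rc=1

  fv=$(fv_state "$(fdesetup status 2>&1)")
  echo "FileVault: $fv"
  case "$fv" in
    off-deferred:*)
      echo "deferred enablement already pending for ${fv#off-deferred:} (the state described in the thread)"
      rc=1 ;;
  esac

  if [ -f "$FDESETUP_PLIST" ]; then
    echo "$FDESETUP_PLIST present; per the reply, 'sudo fdesetup disable' should clear it"
    rc=1
  fi
  return "$rc"
}

# Usage: sudo ./fv2-preflight.sh <username>   (script name is hypothetical)
if [ "$#" -gt 0 ]; then
  preflight "$1"
fi
```

Run it as root before kicking off the deferred-enablement policy; a non-zero exit means the account has no SecureToken, a deferred enablement is already pending, or the state plist is still on disk, which are the three conditions the thread circles around.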