Big Sur FV2 Key Escrow in JSS and re-issue

New Contributor


We are starting to implement JAMF and a lot of end users have their FV2 key linked to their personal iCloud account, with most machines already on Big Sur. Has anyone had a successful way of re-issuing FV keys and escrowing them to JSS? We have these settings enabled, but on new computers it doesn't seem to send the key to JAMF. We would also like to move the existing FV keys and escrow them to JSS.

Screen Shot 2021-08-06 at 8.56.29 AM.png

Screen Shot 2021-08-06 at 8.57.49 AM.png


Valued Contributor

If the device is already set up and encrypted, you'll need to prompt the user for their password in order to generate a new key that will then be escrowed. This would be a good start.

New Contributor

Yes, I started there, but with Big Sur I wasn't able to get it to run. It seems vastly out of date, since the "Automatically redirect recovery keys to the JSS" is deprecated.


Deprecated? Wait, what now?

Valued Contributor

You'll need to use the "Escrow Personal Recovery Key" settings: I just used this method and escrowed a key on Big Sur.

Screen Shot 2021-08-06 at 14.04.36.png

New Contributor

I faced a similar kind of issue last time; I am still searching for a proper solution.

Contributor II

Valued Contributor III

I'm using this and it's working fine on Big Sur Macs... caveat being I have no M1 to test, only T2s...

@scottb It does work on M1 as well.

I just attempted running the script on a test machine and got the following result. Any ideas?

Screen Shot 2021-09-07 at 7.55.42 PM.png

Would have to see what your script looks like, but I'm going to guess that when you are defining the location of the TFlogo.png, you may have some ill-formed code, based on the "Can't make file ":$:Applictions:logo:TFlogo.png" part of the error message.

Thanks for responding, I got it working last night. Seems it did not like the file path I added in for our company's logo; once I added file:// in front of the file path it worked like a charm.