I'm attempting to switch computers from Jamf Now to Jamf Pro. I created a configuration profile for disk encryption and it's showing the device is encrypted. However when I view the settings on the device via inventory in Jamf, there's no Disk encryption configuration and the PRK is "unknown". When I try to reissue, the policy just sits at pending despite logging out/in or rebooting. I haven't been able to find anything helpful in documentation or on the web. Thanks.
Unfortunately, there is no easy way to do it without user interaction. We have a policy in Self Service that runs this script. It prompts the user for their password and the rotates the PRK. As long as you have a configuration profile that escrows the PRK to Jamf, it will capture the updated PRK to Jamf:
Thanks for this response. I've run this script as a self service policy as suggested. All seems to be going fine, and initially the user gets a message saying that a new PRK has been issues. However right after that the policy fails. I'm getting to following error messages: "User could not be authenticated" and "unable to unlock or authenticate to FileVault". I don't have any other policies or configurations in place that limit the user access to FileVault, so I am a bit stumped. Any help appreciated.