Employees complaining about enrolled laptops slowness after waking from sleep - 25 second delay

kyndi-roy
New Contributor II

This is really frustrating. If I fully apply all CIS 7 security controls onto an enrolled laptop in Jamf Pro. Once it sleeps then wakes, it can take approximately 25 seconds before login window. This is on the new M1 laptop. On the older laptop it takes 7 seconds. Not sure if this is a bug in Jamf or something else. This doesn't appear on the new M1 laptop w/o Jamf Pro enrollment. Ideas anyone? 

6 REPLIES 6

ericjboyd
Contributor

Are these macs bound to AD or are you using Jamf Connect or some other IDP connector?

Are these macs on Ethernet or wifi?

Are your DHCP, DNS, and Jamf servers all accessible immediately, or is there a network security check?

Do you have Powernap enabled?

Is the FV2 key set to destroy at hibernation?

kyndi-roy
New Contributor II

Jamf Connect but not necessarily logged in. SSO OKTA. All Macs are on WiFi. Yes they are on DHCP/DNS. Security checks are what I described via the CIS controls configured in Jamf Pro. Power Nap disabled per policy. I belive FV2 key are set to destroy at hibernation per CIS policy.

What is the grace period for the last inventory? Are most of the complaints on Monday?
Without power nap I don’t think jamf can recon, so there may be a recon happening first. 

kyndi-roy
New Contributor II

The are configured using Jamf Connect but not necessarily logged into it. IDP OKTA. Mac are all WiFi in remote locations. Yes DHCP/DNS and they can access Jamf servers immediately. Security checks are what is configured per Jamf CIS configurations. Power Nap disabled per policy. I think FV2 is set to destroy key at hibernation again per policy.

boberito
Valued Contributor

if I remember CIS suggests enabling destroy filevault key on sleep or whatever. That hasn't been needed(due to hardware encryption) or worked well for some time. So maybe thats it?

It could be any of these or a combination. 
or something else completely. Need more info.