Posted on 01-10-2023 09:57 AM
Our setup has a generic local admin account to all enrolled macOS devices.
We have a policy for FileVault that triggers on logout. I know this can be bypassed but the current workflow works for now until I can get my scenario to work.
Our current fleet has encrypted and unencrypted devices.
We also have a number of devices prepped, ready to be assigned and not yet encrypted. These prepped machines will have the local admin account and then get delivered to our assigned users. We use Jamf Connect's Microsoft 365 login to allow assigned users a way to create their local user profile.
For the devices that are assigned and not yet encrypted, the assigned users have been canceling the encryption popup to bypass the encryption process.
My question is, what steps work best to meet the ideal scenario to enforce the FileVault trigger for only assigned users? (i.e. Smart Groups OR the policy's Custom Event OR another method OR a combination).
Posted on 01-11-2023 06:41 AM
I wouldn't have a policy trigger the FileVault but let Jamf Connect enable it. Jamf Connect doesn't have the pop-up. It's just encrypted by the time the account creation is completed.
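The approach in the reply above, as an added example rather than anything posted in this thread: a minimal configuration profile fragment for the Jamf Connect Login preference domain (`com.jamf.connect.login`) that enables FileVault as part of account creation. It assumes the Jamf Connect Login keys `EnableFDE`, `EnableFDERecoveryKey` and `EnableFDERecoveryKeyPath`; the identifier and UUID strings are placeholders, and the recovery-key path is an illustrative value, not a Jamf default.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>PayloadContent</key>
    <array>
        <dict>
            <!-- Preference domain for Jamf Connect Login (the login window component) -->
            <key>PayloadType</key>
            <string>com.jamf.connect.login</string>
            <key>PayloadIdentifier</key>
            <string>com.example.jamfconnect.login.fde</string> <!-- placeholder -->
            <key>PayloadUUID</key>
            <string>00000000-0000-0000-0000-000000000001</string> <!-- placeholder -->
            <key>PayloadVersion</key>
            <integer>1</integer>

            <!-- Turn on FileVault while the new local account is being created.
                 The user who is logging in becomes a FileVault-enabled user, so
                 there is no separate "enable FileVault" prompt to cancel. -->
            <key>EnableFDE</key>
            <true/>

            <!-- Write the personal recovery key to a local file so it can be
                 collected. The path below is an assumed example value. -->
            <key>EnableFDERecoveryKey</key>
            <true/>
            <key>EnableFDERecoveryKeyPath</key>
            <string>/var/db/jamfconnect-recovery</string>
        </dict>
    </array>
    <key>PayloadDisplayName</key>
    <string>Jamf Connect Login - enable FileVault at account creation</string>
    <key>PayloadIdentifier</key>
    <string>com.example.jamfconnect.login.fde.profile</string> <!-- placeholder -->
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>00000000-0000-0000-0000-000000000002</string> <!-- placeholder -->
    <key>PayloadVersion</key>
    <integer>1</integer>
    <key>PayloadScope</key>
    <string>System</string>
</dict>
</plist>
```

Two things worth checking before relying on this. First, a recovery key written to a local path is a plaintext secret on the disk it protects; the file has to be collected and removed, or the key escrowed to Jamf Pro through its FileVault payload (a separate payload, not shown here) so it does not stay behind. Second, this only covers accounts created through Jamf Connect: a machine that already has the generic local admin and is still unencrypted is not changed by this profile, so those devices still need the existing policy or an inventory check such as `fdesetup status` before they are handed out.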