Enabling FileVault broken in new Pre-Stage Enrolment Profile

AndrewWilliamso
New Contributor II

Hey all - merry monday!

I'm having an issue with enabling FileVault via a configuration profile that had previously worked, but since enrolling new devices through a new/updated pre-stage enrolment profile, has stopped working.

The new pre-stage enrolment profile is a clone of the old one, but with additional config profiles to allow approved system extensions. However new devices enrolled through this new pre-stage profile are not enabling FileVault on first restart as they were on the old. It doesn't seem to be a Big Sur issue, as I have enrolled a Big Sur device on the old pre-stage profile without issues, and enrolled a Catalina device on the new pre-stag profile with issues.

Any guidance or clues in where to look would be appreciated!

As an aside and semi-related question - Some of our enrolled devices are reporting only partial encryption (Boot Partitions Encrypted) and others full encryption (All Partitions Encrypted) and I can't tell quite why...

Andrew

1 REPLY 1

Cayde-6
Valued Contributor

Cloning or Copying an existing configuration profile will not work as this breaks the certificates used during the creation of the original profile.

Try creating the profile from scratch