Posted on 02-15-2021 06:42 AM
Hey all - merry monday!
I'm having an issue with enabling FileVault via a configuration profile that had previously worked, but since enrolling new devices through a new/updated pre-stage enrolment profile, has stopped working.
The new pre-stage enrolment profile is a clone of the old one, but with additional config profiles to allow approved system extensions. However new devices enrolled through this new pre-stage profile are not enabling FileVault on first restart as they were on the old. It doesn't seem to be a Big Sur issue, as I have enrolled a Big Sur device on the old pre-stage profile without issues, and enrolled a Catalina device on the new pre-stag profile with issues.
Any guidance or clues in where to look would be appreciated!
As an aside and semi-related question - Some of our enrolled devices are reporting only partial encryption (Boot Partitions Encrypted) and others full encryption (All Partitions Encrypted) and I can't tell quite why...
Posted on 02-15-2021 07:10 AM
Cloning or Copying an existing configuration profile will not work as this breaks the certificates used during the creation of the original profile.
Try creating the profile from scratch