Posted on 12-01-2021 02:38 AM
Hey,
I have a problem in my environment where I have a Smart Group ("FileVault Eligible Devices") set up according to best practice. (https://docs.jamf.com/technical-papers/jamf-pro/administering-filevault-macos/10.30.0/Creating_Smart...)
FileVault 2 Eligibility Is Eligible
AND
FileVault 2 Partition Encryption State Is Not Encrypted
Just like it states.
My problem is, however, that devices that already have FileVault enabled get put into this group. Now I no longer know which devices had FileVault enabled by JSS and which had it enabled prior to enrollment. (Most of the devices either report PRK as unknown/invalid or report encryption state as Unencrypted despite being encrypted, even FileVault enabled by JSS.)
I have created a Ticket to Jamf support about this, they elevated it to their Tier 2 team but they stopped responding to me. Could someone here have any insight?
Thanks!
Solved! Go to Solution.
Posted on 12-03-2021 12:45 AM
This works with inversed logic:
"FileVault 2 Partition Encryption State" "Is" "Not Encrypted" -->
"FileVault 2 Partition Encryption State" "Is Not" "Encrypted"
Posted on 12-03-2021 12:45 AM
This works with inversed logic:
"FileVault 2 Partition Encryption State" "Is" "Not Encrypted" -->
"FileVault 2 Partition Encryption State" "Is Not" "Encrypted"
Posted on 12-06-2021 08:55 AM
Thank you for replying with the solution - I had the exact same problem and had referenced the same documentation.