filevault already enabled before enrollment

jorge_blandon
New Contributor III

just curious if anyone has ran into this scenario.

before purchasing jamf, i already had filevault enabled for my mac users, I was saving the recovery key to a safe somewhere in our environment.

now that i have jamf, i want jamf to manage those keys with its filevault profile. would i need to decrypt my devices? and re-encrypt upon enrollment so that jamf can manage those encryption keys?

2 REPLIES 2

dpv_bnc
New Contributor II

Hello.

I recommend that you reissue FileVault keys and escrow them in Jamf, as per your request.
To achieve that you have to:
• Create a configuration profile that explicitly escrow FV keys to Jamf ;
• Create a script to reissue key (continue reading...) ;
• Create a policy to reissue key ;

Here's a link for the how-to!
https://hcsonline.com/support/white-papers/how-to-reissue-a-recovery-key-for-filevault
🙂

Welcome aboard!

jzarate
New Contributor II

@dpv_bnc Thank you for the clear instruction. This has been successfully deployed at my company.