Just curious if anyone has run into this scenario.
Before purchasing Jamf, I already had FileVault enabled for my Mac users; I was saving the recovery key to a safe somewhere in our environment.
Now that I have Jamf, I want Jamf to manage those keys with its FileVault profile. Would I need to decrypt my devices and re-encrypt upon enrollment so that Jamf can manage those encryption keys?
I recommend that you reissue FileVault keys and escrow them in Jamf, as per your request.
To achieve that, you have to:
• Create a configuration profile that explicitly escrows FV keys to Jamf;
• Create a script to reissue the key (continue reading...);
• Create a policy to reissue the key;
Here's a link for the how-to!
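
As an added example (not part of the reply above or the linked how-to), here is a pre-flight check a reissue script could run so the key is rotated in place rather than by decrypting. The function name `reissue_decision`, the `--reissue` argument and the sample status strings are assumptions constructed for illustration; `fdesetup status` and `fdesetup changerecovery -personal` are the macOS commands.

```shell
#!/bin/sh
# Added example (not from the thread or the linked how-to).
# Decides from `fdesetup status` output whether a personal recovery key
# can be reissued in place, i.e. without decrypting the volume.

# reissue_decision STATUS_TEXT -> prints one of: reissue | wait | skip
reissue_decision() {
    status_text=$1
    case $status_text in
        *"Encryption in progress"*|*"Decryption in progress"*)
            echo wait ;;    # conversion still running; retry at next check-in
        *"FileVault is On."*)
            echo reissue ;; # already encrypted: rotate the key, data stays encrypted
        *)
            echo skip ;;    # FileVault off or unknown output: nothing to reissue
    esac
}

# Constructed sample outputs, modelled on what `fdesetup status` prints.
SAMPLE_ON='FileVault is On.'
SAMPLE_BUSY='FileVault is On.
Encryption in progress: Percent completed = 41'
SAMPLE_OFF='FileVault is Off.'

# Only touch the machine when explicitly asked to and fdesetup exists (macOS).
if [ "${1:-}" = "--reissue" ] && command -v fdesetup >/dev/null 2>&1; then
    decision=$(reissue_decision "$(fdesetup status)")
    if [ "$decision" = "reissue" ]; then
        # Prompts for a FileVault-enabled user's name and password, then
        # generates a new personal recovery key. Assumption: the escrow
        # profile from the first step is already installed, so the new
        # key is the one that gets escrowed.
        fdesetup changerecovery -personal
    else
        echo "No reissue performed: $decision" >&2
    fi
fi
```

Run it as root from Terminal with `--reissue`; without that argument it only defines the function and samples.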