FileVault Escrow IRK and Policies

New Contributor III

Hi Everyone,

Currently we have setup a config profile that creates a personal recovery key that uses the built in Escrow certificate from Jamf. My question is do we care about having a separate IRK? Previously we were using an IRK on Meraki. Also, would a second configuration profile need to be created with the custom IRK to get it deployed or what is the best method?

Next question be FV2 only asks the user on logout to enable encryption. Anyway we can force this on login? We are using Jamf Connect so not sure if this will cause any issues? Though our users are pretty good so even on logout is ok because we can just nag the stradlers that kept clicking cancel.

Whatever is best practice.