FIleVault Key is Unknown M2 Mac

New Contributor II

Hello Everyone, i have a Problem with 2 Devices, one of them ist with the new M2 Chip and the other One is an Intel Mac. Both of them show me that in jamf:  Personal Recovery Key Validation:Unknown

But FileVault 2 Partition Encryption State:Encrypted.

I am able to see the Personal Recovery Key in terminal but there is a Problem with the transfer to Jamf. Ihad tried with jamf recon but nothink happens. Can anyone help please.


New Contributor II

Decrypt and encrypt again. 

Contributor III

On one of the systems, run a policy with the Disk Encryption payload and the Action set to "Issue new Recovery Key", and the Recovery Key type as "Individual".  As long as your initial FileVault profile/policy was set to send the keys to Jamf Pro, it should issue and escrow a new key.

There's also a Jamf script that uses the Jamf Helper to prompt the user for their password and then creates a new recovery key.  Check the script at and modify for your needs.  It should still work on Apple Silicon.

New Contributor II

Thank you Very Much, i had tried it on the Device directly with two commands:
sudo fdesetup changerecovery -personal

and then Sudo jamf recon, it works :) 

Also, if possible help me with that; I've tried those 2 commands, runs good, I could see the RecoveryKey on terminal but still showing as unknown on Jamf

New Contributor II

i have another question, we also have a hidden Admin Account, whwhich is created during the enrollment, by some Users, i see the Admin Account as FileVault User, how can i change thhis easily ? 

Hey, can you explain how to create this hidden Admin Account?

Valued Contributor

Hi.. In the prestage..go to 'account settings'   there is a checkbox " Hide managed administrator account in Users & Groups"