Help

FileVault - User not prompted to encrypt

VL
New Contributor III

Posted on ‎01-24-2024 03:28 AM

I'm trying to configure Jamf Pro to enforce the company requirement that devices are encrypted. Created a Configuration Profile that has Security and Privacy > FileValut > Enable FileVault enabled, but have also set Event to prompt FileVault enablement > At Login and Allow user to bypass FileVault prompts at login > Require after 3 attempts. However, when testing the Configuration Profile against my MacBook - which has FileVault turned off - I am not being prompted to enable FileVault.

I have repeatedly logged out/in, shutdown/started my laptop but at no time have I been prompted to enable FileVault. While my user account is a Standard user, I have tried logging in as the Admin user but still don't get prompted to enable FileVault.

What am I missing?

0 Kudos
7 REPLIES 7

Tribruin
Valued Contributor II

Posted on ‎01-24-2024 08:10 AM

Does your user have a Secure Token? Only a user with a secure token can enable FileVault. 

run this command in terminal to see if your user has a Secure Token:
sysadminctl -secureTokenStatus <<username>>

If you user does not have a secure token, you will need a user with a Secure Token to grant your user a secure token. 

0 Kudos

VL
New Contributor III

Posted on ‎01-24-2024 08:32 AM

Thanks for the response, @Tribruin, and having running the command for both my Standard user and the Admin user it reports for both that Secure Token is ENABLED.

0 Kudos

Tribruin
Valued Contributor II
In response to VL

Posted on ‎01-24-2024 08:54 AM

What are the results of these two commands:

fdesetup status

sudo fdesetup list

 

0 Kudos

AJPinto
Honored Contributor II

Posted on ‎01-24-2024 10:13 AM

What do you get when you run "fdesetup status"?

 

 

0 Kudos

VL
New Contributor III

Posted on ‎01-29-2024 01:20 AM

Sorry for the delay in following up your messages @Tribruin and @AJPinto.

Regarding running fdesetup status as both my Standard user account and the local Admin account, both report FileVault is Off.

As for sudo fdesetup list:

glennc,785E02A2-6698-4BFC-A506-C6BF02B14585

admin,AABDB9D3-9953-4A62-B8FE-5D3C060002B2

 

0 Kudos

AJPinto
Honored Contributor II

Posted on ‎01-29-2024 04:56 AM

According to the terminal output, FileVault is on. Users wont have FileVault tokens if FileVault is disabled. Assuming admin and glennc are your accounts, they should have FileVault tokens. 

 

Just a suggestion. User a different account name then admin for your local admin account, that name is really easy to guess.

0 Kudos

VL
New Contributor III

Posted on ‎01-29-2024 10:03 AM

@AJPinto don't know what "terminal output" you are referring to, but I'm not seeing anything that would indicate FileVault is ON.

System Settings > Privacy & Security > FileVault states OFF and if I select the option I have the option to Turn On...

Jamf Pro > Computers > Search Inventory > Select my laptop > Inventory > Disk Encryption states Not Encrypted.

Thanks for the comment regarding the admin username.

0 Kudos