Help

Hiding FileVault in setup assistant - greyed out

Go to solution
aandino
New Contributor III

Posted on ‎06-23-2023 06:36 AM

I'm trying to hide FileVault option from being offered in setup assistant during pre-stage, and when I go to customize what steps I want to show, it's greyed out and I cannot skip it. Currently testing on a Mojave machine, but we also are deploying Ventura machines. Looking at Jamf and Apple documentation it seems I should be able to block this, but I can't figure out why its not allowing me to.

 

0 Kudos
Reply
1 ACCEPTED SOLUTION

Go to solution
Bol
Valued Contributor

Posted on ‎06-23-2023 07:20 AM

Do you configure the 'Account Settings' payload, if so that is by design. 

Bol_1-1687529814373.png

Bol_0-1687529705012.png

Bol_2-1687529870227.png

 

 

View solution in original post

0 Kudos
Reply
6 REPLIES 6

Go to solution
Bol
Valued Contributor

Posted on ‎06-23-2023 07:20 AM

Do you configure the 'Account Settings' payload, if so that is by design. 

Bol_1-1687529814373.png

Bol_0-1687529705012.png

Bol_2-1687529870227.png

 

 

0 Kudos
Reply

Go to solution
aandino
New Contributor III
In response to Bol

Posted on ‎06-23-2023 07:56 AM

Yes, I do have that configured, but I see that message there explains why I can't tick the box. The only thing I have set up is pre-filling the user info from the SSO sign-in. I don't quite understand why that specifically would prevent FileVault from being disabled.

0 Kudos
Reply

Go to solution
Bol
Valued Contributor

‎06-23-2023 07:25 AM - edited ‎06-23-2023 07:26 AM

So it's a little back to front in whats written (will disable in Setup Assistant) where items you want disabled are ticked. Jamf is actually disabling the check box as empty when I guess it should be greyed out with a tick, if that makes sense.

0 Kudos
Reply

Go to solution
Bol
Valued Contributor

Posted on ‎06-23-2023 08:23 AM

I believe (might be wrong) unless user creation is completely handed off to setup assistant during enrolment, then filefault needs to be enabled upon login of that user.

0 Kudos
Reply

Go to solution
Bol
Valued Contributor

Posted on ‎06-27-2023 07:28 PM

There's a known issue where the recovery key isn't escrowed to mdm when FV is enabled during setup.

0 Kudos
Reply

Go to solution
whiteb
Contributor II

‎03-28-2024 04:09 PM - edited ‎03-28-2024 04:31 PM

I too, want to pre-fill primary account information from SSO / Google LDAP and Lock primary account information at the local account creation screen, without enabling FileVault during Setup Assistant.

It's good to know that the reason Filevault is greyed out for us is because we have the 'Account Settings' payload configured.

What doesn't make any sense is why only recently, random enrollments are getting prompted to set up Filevault during Setup Assistant. PreStage hasn't been touched. I'd be ok with checking Filevault under 'Setup Assistant Options', but I can't, since Account Settings is configured, for reasons stated above.

Edit: It appears in 14.4, there is a new feature - "MDM can now enforce FileVault for standard users at Setup Assistant." That might correlate with what I've been seeing. But I don't know how to prevent this from happening. Actually, thinking about it more, I saw this issue on a fresh Ventura re-image as well, so maybe not related to 14.4+

0 Kudos
Reply