How do you handle encryption when a machine is decommissioned?

New Contributor III

I'm looking at our lifecycle management for Macs. I've seen people deleting the records in Jamf but keeping track in asset management tools.

We recently switched to Jamf for encryption management so the key is gone when we delete the record.

I'm thinking we will add decryption to our decommissioning process if we have to keep the laptop for some time until it's wiped. Maybe put them in a group to change the configuration profile for FileVault.

Just curious what others are doing.

Thanks in advance!


Valued Contributor II

For us, we run an OS install out of Self-service with the eraseinstall flag set. So long as the computer has been removed from DEP it will come up clean before it is sent on its way.