Issue a new personal recovery key for already encrypted devices

AsimOFH
New Contributor

I am noticing that all devices encrypted before manual enrollment into Jamf Pro are missing personal recovery keys. Does anyone know how I can issue a new key to already encrypted devices, bearing in mind encryption happened prior to Jamf enrollment? Thank you :)

AJPinto
Honored Contributor II

Add the devices to Apple Business Manager and use Automated Device Enrollment. Do it the right way and everything will work.

FileVault needs to be enabled with a configuration profile or have the key redirection configuration profile installed before FV is enabled. Disabling FV and re-enabling FV may work, but you should still be using Automated Device Enrollment if at all possible.

AsimOFH
New Contributor

All our new devices are coming through the method you suggested above. This issue seems to be only with the existing devices which were set up prior to Jamf and hence we have to manually enrol them. If they were to be reset, then FV and recovery works fine.

channy-cl
New Contributor III

I have not tested it personally, but it seems like my predecessor has used the script (found an inactive policy):

https://community.jamf.com/t5/jamf-pro/filevault-indiviual-key-reissue/m-p/242782