Posted on 02-15-2022 09:50 AM
I am using the Jamf Pro native vault configuration to escrow the recovery key to Jamf Cloud after enabling vault. But recently some of the machines I am managing are showing as not encrypted even though I did receive the recovery key, while 1 MacBook Pro (M1) will not show "encrypted" or "recovery key" no matter what I try. Can anyone help?
Posted on 02-15-2022 10:17 AM
On the Mac, have you tried sudo jamf recon? If that doesn't work, you can try creating another recovery key and reconning it back to Jamf.
On the Mac in Terminal: sudo fdesetup changerecovery -personal
This will prompt for a user that has a secure token and the password. Then it will generate a new key. Once it does, run sudo jamf recon.
Posted on 02-17-2022 09:56 PM
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Posted on 02-18-2022 07:21 AM
Is there any way to push a script to achieve this? I currently have 3 MacBook Pros that will not show as "encrypted" and escrow the recovery key to Jamf.
Posted on 02-21-2022 10:12 AM
You sure can, yes. Jamf has a great page that details it: https://docs.jamf.com/10.27.0/jamf-pro/administrator-guide/Scripts.html . Regarding the actual script, it could be as simple as:
#!/bin/sh
# Change the recovery key
sudo fdesetup changerecovery -personal
# Force device to check into Jamf
sudo jamf recon
exit 0
Posted on 02-21-2022 01:50 PM
I confirm that the above script is working like magic, thank you so much for your help!!
Posted on 02-15-2022 11:33 AM
I am experiencing a similar issue in our environment. It seems the profile to encrypt the drive may have run and cached a key in the past, but when the device was re-enrolled, re-imaged, etc., it did not apply the actual encryption. I would try deleting the device and re-enrolling it if possible to remediate.
Posted on 02-15-2022 11:34 AM
If you push an additional profile for FV2 it will fail over and over because a key is present already.
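An added triage script, not from any poster in this thread and not Jamf's own code: it checks what `fdesetup` reports before running the key rotation suggested above, since rotating the key cannot help a Mac whose disk was never actually encrypted. The function name `triage_fv`, its action labels and the sample status strings in the comments are assumptions made for this example.

```shell
#!/bin/sh
# Added example. Decides, from two fdesetup queries, whether rotating the
# personal recovery key can repair a missing escrow record.

# triage_fv STATUS_TEXT HAS_PRK
#   STATUS_TEXT  output of `fdesetup status`, e.g. "FileVault is On."
#   HAS_PRK      output of `fdesetup haspersonalrecoverykey` (true/false)
# Prints one action label (labels are this example's own):
#   rotate | wait | enable-first | no-personal-key | unknown
triage_fv() {
    status_text=$1
    has_prk=$2
    case $status_text in
        *"cryption in progress"*)
            # Encryption or decryption is still running; inventory will
            # not report a settled state yet.
            echo wait ;;
        *"FileVault is On"*)
            case $has_prk in
                true) echo rotate ;;            # key exists, re-escrow it
                *)    echo no-personal-key ;;   # nothing personal to rotate
            esac ;;
        *"FileVault is Off"*)
            # Jamf may hold an old key, but the disk is not encrypted.
            echo enable-first ;;
        *)
            echo unknown ;;
    esac
}

# Runs only on a managed Mac where both binaries exist (run as root, as a
# Jamf policy script does). Elsewhere the block just defines triage_fv.
if command -v fdesetup >/dev/null 2>&1 && command -v jamf >/dev/null 2>&1; then
    action=$(triage_fv "$(fdesetup status 2>&1)" \
                       "$(fdesetup haspersonalrecoverykey 2>&1)")
    echo "FileVault triage: $action"
    if [ "$action" = rotate ]; then
        # The two commands from the thread's script.
        fdesetup changerecovery -personal && jamf recon
    fi
fi
```

Any action other than `rotate` shows up in the policy log, which separates the "key escrowed but disk not encrypted" case from a plain inventory lag.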