I'm in the process of moving from JAMF Now to Pro. Currently have around 100 computers on JAMF Now and their FileVault key are store in the JAMF NOW Cloud. How can I migrate those recovery keys to Jamf Pro using profiles/policy script.
I know that i could go on the host computer. Switch off filevault. Remove computer on JAMF Now. Enroll into JAMF Pro and use a policy/script to escrow key to JAMF Pro cloud. But thats very involved.
Is there any other workflows that allow me to be more hands off.
Solved! Go to Solution.
I had a similar issue with bringing already FileVaulted machines into Jamf Pro. The only way i could figure out how to get the key into Jamf pro was to turn off FileVault on the machine and catch them with a config profile on next login.
So I'm moving about 120 machines that are encrypted on an on-premises Jamf server, to Jamf cloud. Am I correct in thinking that I can leave the machines encrypted, migrate them to the new server, then have a policy to issue a new FileVault recovery key and it should store it in Jamf?
Hi, I've got the same issue. I have about 100 macs on the site which have filevault enabled. I've just installed Jamf Pro and enrolled all clients to the server. I've setup the first policy to escrow filevault keys to jamf server but the second policy to renew the filevault key fails with this error:
Executing Policy Test Recover Filevault key
Error: Authentication error.
Is this the best way to get the keys to the jamf server from macs with filevault already setup?
I've also tried this script after deploying the configuration profile to redirect the filevault keys to jamf server.
It works and forces user to generate the new key but I don't see the new key in Jamf??? Even after running on the client sudo jamf recon to update inventory.