Posted on 07-29-2022 12:09 PM
I'm trying to switch to using just a profile to manage FileVault instead of a policy.
Currently we push out a profile that contains the following:
If I turn on "Enable FileVault" what would that do to existing computers if I pushed the profile back out as they all have FileVault enabled.
This is our current policy
We had both a config profile and policy because originally we had to move all our keys from Sophos to Jamf a couple of years ago and followed this guide homebysix/jss-filevault-reissue: A framework for re-escrowing missing or invalid FileVault keys with...
Additionally the reason we want to do this is to Enable FV as early as possibly before we run our DEPNotify script so users don't need to logout at the end of our DEPNotify process.
07-29-2022 01:42 PM - edited 07-29-2022 01:43 PM
@demaioj FV isn't going to enable without a logout cycle, so you're not going to be able to bypass that for your DEPNotify script if that's what you're running when enrolling a Mac.