Posted on 11-19-2018 08:28 AM
I need to enable FileVault 2 on all of the Macs. Is there a good how-to on doing this? Is there a way to have a company-owned decryption key that can unlock the FV2 encrypted Macbook when the employee leaves and we don't have the user password?
Posted on 11-19-2018 08:36 AM
This workflow still works for us.
Posted on 11-19-2018 08:37 AM
https://docs.jamf.com/10.5.0/jamf-pro/administrator-guide/Managing_Disk_Encryption_Configurations.html
Posted on 11-19-2018 11:28 AM
The only gotcha I would mention with the Jamf workflows is that if the user doesn't have a secure token for some reason, any attempt to enable FV will fail. I have yet to see a robust way of managing secure tokens to address issues with accounts being created or passwords changed in a way that leads to a disabled secure token.