Just had a batch of new Macs arrive Today and noticed that after enrolment they all report to the JSS that FileVault 2 Partition State is "Encrypted". This is despite FileVault not being enabled and no password prompt prior to booting into the OS. This has happened on all the new Macs that arrived. I can manually enable FileVault, this works fine.
I'm assuming this is something to do with the new Secure Boot?
As the new Macs are not showing as encrypted the FileVault policies we have in place are not being applied, as they don't fall into the smart group.
Has anyone else ran into this issue?
Were you able to get encryption to start?
I came here to post the same thing. In my case, even after adjusting the criteria to make these systems fall into the unencrypted smart group and running our deployment to enable FileVault the encryption process isn't starting. The deployment completes successfully and reboots, when logging in we're prompted if we want to enable FileVault and when we select to enable it just takes us to the desktop and encryption never starts.
You still need FileVault so that the machines need a password to decrypt.
Apple still recommend turning on FileVault: https://support.apple.com/en-gb/HT208344
@ jcafarelli , Not had any issues with enabling FileVault, it was just getting the Macs into the smart groups.