I'm working with a 13-inch Retina MacBook Pro with TouchID (Mid 2017) using OS X 10.13.6 that is being prepped for deployment. This unit will eventually be encrypted, but at the moment it is not.
Early on, one of the other techs ran into an issue initially with laying down the thin image. When I got it, I erased and reformatted the hdd to APFS, installed 10.13.6 and then applied the thin image. Alle went well. Subsequently, through the normal course of setup and verification, I ran into an unexpected dialogue box. After establishing our local admin accounts, I then bound it to AD; rebooted it and logged in using AD credentials. It was here I ran into: "Enter a SecureToken administrator's name and password to allow this mobile account to use FileVault." I had never run into this before on system that FV was disabled. Currently, there are no configuration profiles applied that require FV to be enabled either.
I checked the system extensively, but nowhere did it indicate the FV was enabled. This has me puzzled as I did nothing different in the setup aside from erasing and reinstalling the OS. And prior to that the system was not in an encrypted state. I've even gone so far to enable and disable FV and then try logging in with AD creds to test again and I've gotten the same behavior.
This is the first time we have run into anything like this and we are constantly setting up new devices. Has anyone else run across this??
