This might be old news, but this is the first we are seeing this....
Setup:
Macbook Air (Retina, 13-inch, 2018), T2 Chip, running Catalina, Filevault enabled for both the user and the hidden Admin account. Removed from Jamf because we were going to redeploy and reenroll.
Hidden Admin account can log in using Option+Enter on login screen without issue if iCloud hasn't been signed into by the user account.
If the user account signs into iCloud, it removes the option for Option+Enter, and the only option is to log in as the user or guest account.
If we boot to recovery, we have to have the users password to unlock the drive, the tech account doesn't show and there is no other option than the users account
If the user had left the district, or can't remember their password, we are essentially locked out of the device . We cannot unlock without that users local password.
I was able to reproduce this on another laptop with an account that I knew the passwords for :)
If I remove the device from iCloud.com, it appears to just mess up the users icloud account settings, but doesn't actually do anything to resolve the issue. If I sign out of iCloud completely, I get the Option+Enter again and can log in as the Hidden Admin account.
Anybody know of a way to get back into this device so we can redeploy it to another member of staff? We only want to format the harddrive, reinstall the os and start the process all over again.
