Unencrypted FileVault is not getting re-enabled by JAMF

rajamsg
New Contributor

I am doing FileVault policy testing. As part of my testing I did the following, but it is not working as expected.

1) I configured a Disk Encryption Policy within JAMF and set the scope for our test devices --> Worked great.

2) As part of my negative testing, I turned off the encryption on the Mac manually and am waiting for JAMF to re-push the policy, but it is not happening --> Need some help on how to achieve this scenario.

3) Also, after my test laptop received a Disk Encryption Policy, my device started showing a message after I log in: "Your Administrator required that you enable FileVault" --> Can we suppress this end-user message while they log in and enable FileVault silently?

Thank you.

5 REPLIES

sdagley
Esteemed Contributor II

@rajamsg Enabling FileVault requires restarting the Mac (log out and back in should be sufficient, but my org uses a restart), and you cannot suppress the prompt for the user to enable it. You can prevent them from logging in unless they approve the enable request though to make sure that happens.

Thank you so much (I understood).

Do you have any answer or suggestion for my Q2 ...

sdagley
Esteemed Contributor II

@rajamsg Have you tried using a Configuration Profile instead of a Disk Encryption Policy to enforce FileVault? My org currently does not manage FileVault via Jamf Pro, so I can't personally speak to the behavior of either approach, but normally Configuration Profiles are more appropriate for forcing a configuration to be applied.


Thank you. I am also trying the Configuration Profile option in parallel, but my JAMF certificate expiry is set to 2 months.

How are you handling this certificate portion for those who select "Encryption Method" with the option "Automatically encrypt and decrypt recovery key"?

Thank you.

sdagley
Esteemed Contributor II

@rajamsg There was a typo in my previous response; my org currently does not manage FV with Jamf Pro, so I can't personally speak for the behavior, but my understanding is that there is an option to periodically roll the recovery key, which would in turn regenerate the certificate.