@elliotjordan Thank You! Your timing is most excellent as I just started looking at the options to move FileVault control into Jamf Pro last week, and I wasn't happy with either of the options I'd found (your Less than ideal solutions).
We finally got around to deploying this. It works well! This is our setup:
1. Create a smart group that includes computers with an encrypted volume, with an unknown key
2. Scope a policy that runs once or once per month, that installs Escrow Buddy with Installomator (we use that for many other pieces of software, so that was easiest). The same policy also sets the config on the computer telling Escrow Buddy that a rekey is needed.
With this simple config we see that problematic computers are moved into the group for fixing, and once they're fixed, they are unscoped.
The only minor issue that remains is that Escrow Buddy is still installed even though it's no longer needed. A suggestion for a minor improvement would be for Escrow Buddy to automatically uninstall after the work has been carried out, or at least make that configurable. Who knows what issues might arise if Escrow Buddy is installed for many months and many major/minor macOS versions to come? :)