Posted on 07-25-2022 11:24 AM
I have one computer in my environment I haven't been able to get to encrypt.
We have a single Disk Encryption Configuration which runs at enrollment, and is also available in Self Service. This Mac was enrolled as a backfill and picked up the config there...and has also run it a couple of times from Self Service...and at every restart the user sees the required approve-or-shut-down sequence and approves it...and still fdesetup reports encryption OFF with deferred enablement ON for the user for whom it should be. And that user shows SecureToken ENABLED.
All suggestions gratefully accepted.
--
Phil Saunders
Myriad Genetics
Posted on 07-25-2022 06:33 PM
Is the user the first user account that got created? Also, how was the Mac enrolled? Prestage or user-initiated?
07-25-2022 11:16 PM - edited 07-26-2022 08:53 PM
Posted on 07-26-2022 08:30 AM
Okay, did either of you pay attention? The SecureToken is ON, ON, ON, PRESENT, PRESENT, PRESENT. Lack of SecureToken is NOT, repeat NOT the reason encryption is not turning on, unless there is some way of assigning Schrödinger's token which is ON and OFF at the same time.
Purely incidentally: I have no idea which was the first user created, as I inherited this Mac, and enrolled it via invitation. But to reiterate yet again for any others who may not be paying attention, SecureToken is ON for the end user, according to sysadminctl, and deferred enablement is active for her, according to fdesetup. It just won't turn on.