Jamf filevault not enabling

FileVault is the native encryption capability built into Mac computers. enabled' do not report status changes to the Jamf Pro when FileVault status changes; they will only report this status in "full status reports." Oct 26, 2023 · Because there are multiple ways to enable and manage FileVault, it’s important to understand where to start, and to keep up-to-date on new features. This could potentially be fixed by reversing the order of operations by enabling FileVault via the freshly created standard account, followed by a token grant to the Mar 25, 2025 · FileVault is full disk encryption for Mac. 13. Mar 4, 2025 · My goal is to have all of the Macs have FileVault 2 enabled, with the individual encryption recover keys redirected to Jamf server. Based on a test, it seems that if we disable FileVault, it will just turn it back on per that policy that previously ran & applied the disk encryption configuration. At the logout, it presents the Jamf Connect window. We are using jamf connect with OneLogin for user accounts. Having it set for "next logged-in user" means that the jamf binary is running the following command: fdesetup enable -defer /path/to/filename. I feel like I'm missing something basic. Why learn about FileVault management? Jun 12, 2024 · When we onboarded Jamf Connect a few years ago, the Jamf contractor stressed very hard to not use the FileVault functions. The setting to Enable Escrow Personal Recovery Key is only applicable for macOS 10. Oct 11, 2022 · Some users do not get securetoken and filevault enabled but most do. Also our file vault settings are set to personal (individual), but jamf is not recording the key. Jamf is the only company in the world that provides a complete management and security solution for an Apple-first environment that is enterprise secure, consumer simple and protects personal privacy.
We will be turning on the option from Jamf to manage FileVault, the issue I think we might have is that users might have enabled FileVault by themselves. I did some further testing today using (custom) configuration profiles to enforce at login/logout because Jamf does not have support for all MDM keys/values for FileVault: Jun 12, 2024 · When we onboarded Jamf Connect a few years ago, the Jamf contractor stressed very hard to not use the FileVault functions. I'm not sure on the fr Mar 23, 2018 · # If it is not, the following message is displayed without quotes: # # "FileVault 2 Encryption Not Available For This Version Of Mac OS X" if [[ ${osvers_major} -eq 10 ]] && [[ ${osvers_minor} -lt 7 ]]; then echo "<result>FileVault 2 Encryption Not Available For This Version Of Mac OS X</result>" fi if [[ ${osvers_major} -eq 10 Mar 25, 2025 · FileVault is full disk encryption for Mac. It's really only for organizations without a MDM. 1, few with 14. Fil Jul 25, 2022 · Worse problem here, maybe should be in a new thread. I have a user whose account *has* SecureToken, and who sees the turn-on-FileVault sequence at startup, and still encryption never actually begins (a day later fdesetup reports encryption OFF, but deferred enablement appears on for the user). We're using 10. What process is everyone here usin Typically, each user goes through the unboxing experience, creates their user profile, and policies/scripts from JAMF help do the rest. 12 and Earlier. I have repeatedly logged out/in, shutdown/started my laptop but at no time have I been prompted to enable FileVault. Oct 11, 2022 · Hello, Thanks for the reply, I actually have it setup with a user as well and they receive a secure token, seems hit or miss. connect. For more details on fdesetup and Mavericks, please see the link below: Jan 29, 2025 · The profile is installed on the system, but the key is Unknown and FileVault 2 status is Not Enabled.
Is t Sep 29, 2022 · If the devices power up directly to the JAMF Connect login window then FileVault is not enabled. I just click the "Enable Users" button and it does nothing. 7. I checked the profiles to ensure there was nothing there that would re-enable it. Jun 1, 2023 · I have Jamf Connect deployed via Jamf Pro (with Azure AD) and FileVault enabled via a Configuration Profile. Since the Feb 26, 2025 · Managing user access to FV-enabled devices with Jamf Pro is a trivial matter, but for those that wish to go the manual route, admins can easily leverage the Terminal to enable/disable secure token access of per-user accounts and/or to reset passwords, as necessary. Nov 3, 2024 · Jamf's purpose is to simplify work by helping organizations manage and secure an Apple experience that end users love and organizations trust. Dec 13, 2023 · We have: Jamf Pro, Jamf Connect, "Automatically install PPPC" with Jamf management framework and Jamf Connect. In order to redirect the Personal Recovery Key to Jamf Pro for macOS 10. modifying @bkramps solution to feed the xml with an API call would be nice, but that comes back to the other, as-yet undelivered, feature request. plist Jan 6, 2020 · Hi We are transitioning to enabling FileVault by Configuration Profile once Mac is enrolled via DEP. I have a ticket open with Jamf, they are taking a look at a script with me as it recently stopped worki Dec 5, 2018 · On some of our Macs when running the FileVault2 Encryption policy it seems like it successfully runs but when you check the logs you see it says "FileVault is off, deferred enablement appears to be enabled for active user: username" I've flushed the policy, tried to run it logged in as a different ad Nov 12, 2020 · As the standard account is created first, with a SecureToken, the ‘lapsadmin’ you define in the Jamf Connect configuration can NOT enable FileVault… by lack of SecureToken.
Any i Oct 8, 2015 · @rtrouton Nifty, but the goal is to have the JSS provide the recovery key, since it's already stored there. In other lanes we were also told to not enable FileVault in the prestage (ie installing the configuration profile there). Choose “Disable User for FileVault 2” from the Action pop-up menu. However, that leaves the admin user, which is still not FV2 enabled. Jun 12, 2024 · More or less the reason why Jamf Connect can "enable" FileVault is for organizations without an MDM. It's not perfect, but I wrote this script to be used in Self Service by the user. If no user is logged in, the next user to log in becomes the enabled FileVault user. If I go to click 'Turn On FileVault', it just doesn't do anything. 3). Mar 5, 2025 · PI122407 > Computers with the DDM status subscription for 'diskmanagement. I changed the policy to enable at login which fixed the issue. With a user password input the script is able to turn off FileVault #!/bin/bash ##### # Popups asking for user to enter userID and Password ##### #this section uses Apple Script to prompt the user to enter their credentials to create a variable to be able to call the user name and password later in the script. I have a ticket open with Jamf, they are taking a look at a script with me as it recently stopped working Script, I used to use for assigning secure token thus FV could be enabled Nov 19, 2012 · I'm not sure that would work as intended.
Beyond that it's really up to how the account is created and what permissions it has (ie admin) on if it will automatically get a FileVault Token. Enter the username of the user you want to disable for FileVault. Apr 3, 2025 · I'm seeing a number of Macs reporting that FileVault 2 is not enabled, despite the encryption state being displayed as Encrypted. I've experimented with both a Configuration Profile, assigned to the PreStage Enrollment, and with a Policy, and both have rough edges that I'm not sure how to smooth out. In the General payload, enter a display name for the policy. Yet, when I restart and log back in, I'm being forced to re-enable FileVault. filevault. I've adapted your script and tested. We have seen a number of users be unable to successfully enable FileVault for their user profile. 12 or earlier, we need to use the deprecated “Recovery Key Redirection” setting at the bottom of the FileVault settings list. Scope it to a smart group where the criteria is FileVault 2 Individual Recovery Key != Valid Apr 5, 2022 · Our FileVault 2 configuration profile is set to be enabled at login, which works fine for the standard user. For example, “Disable Local Account for FileVault”. Jan 24, 2024 · However, when testing the Configuration Profile against my MacBook - which has FileVault turned off - I am not being prompted to enable FileVault. Jan 4, 2022 · Some users do not get securetoken and filevault enabled but most do. Is this a known issue? The machines appear to be completely fine and encryption seems to be on. Enabling it with Jamf Pro makes computers require a user's credentials to complete the boot process, ensuring that data on the computer is secure. Any ideas? I saw a post on jamf Nation saying the only option is to disable file vault on computers running jamf connect. Select a trigger and execution frequency.
At the booting and restarting, macOS login window first appears to ask for Password and then presents the Jamf Connect Window where I supply the Azure Credentials. jamf. It says no key present. when I go and uncheck ENABLE under the policy OR remove the unit from the SCOPE, when I restart the designated unit it keeps showing the POP-UP message on login that Administrator is requesting to Enable the filevault, noting that Feb 13, 2018 · Yeah, I'm no longer able to enable filevault for users or update the filevault password for our local-admin account. Jamf Connect uses the fdesetup binary to enable FileVault, which is largely deprecated. Important: On macOS 10. User interaction is a show stopper. Click Save. Dec 20, 2022 · The way it works once the first file vault enabled user logs in from then on the connect window will not show and it will rely on Filevault authentication to proceed. I have to reboot, get prompted again at login to enable it, and then it starts working. The first account on a Mac must be an admin account and will get a FileVault token automatically. place the enabled FileVault user. x (few with 14.
I've had some specific use case scenarios where people have enabled FileVault outside of Jamf, and it's necessary to decrypt the machine and then perform encryption over again to get the recovery key escrowed in Jamf properly. Aug 16, 2020 · Let’s now enable FileVault, via a Config Profile, so the account I’m currently logged in with (‘ttg’ which has a SecureToken), enables FileVault at logout. You’ll also want an ongoing policy to re-issue and escrow any missing or unknown keys to JAMF so you’ll almost always have a correct one. 2 or later, you cannot select the management account on a computer as the enabled FileVault user due to the lack of a secure token. When you use Jamf Now to set up FileVault, the recovery keys will be stored. As soon as I turned off FileVault and rebooted the Jamf login screen appeared. The first time this user logs out and logs back in, the FV2 is enabled. Jan 4, 2022 · Hello All I am having an issue where it seems securetoken is not being enabled on our accounts, thus FV2 enablement window shows up and asks to enable but it doesn't work after entering the users password. Is this true? Then went into the FileVault setting and disabled it. Jun 18, 2014 · The –defer option does not enable multiple user accounts and cannot be used to enable accounts once FileVault 2 encryption has been turned on. 1, and these are for AD users and the option to mount home drives at login is disabled. 13 and later. Kind of a big issue for us because the local-admin password successfully changes for the user but not for FV2, which means our FV2 password and local account password no longer are syncing after our 90 password rotations.
We currently have 2 Config Profiles that enable FV (though I'm honestly not sure which does what or if they're redundant): Application and Custom Settings > Jamf Applications > com. Let’s logout, and confirm FileVault is enabled after logging in again: FileVault is enabled but I still only have 1 SecureToken holder (‘ttg’). The weirdest one of all though, is a system with 13. Apr 12, 2023 · Hi, On the other hand, I had another question. Below is the output of the sysadminctl command that is used in managing per-user Dec 22, 2014 · Upon first login, we get prompted to enable it but when we ultimately login, it's not enabled. However, we have a single device that even though it prompts the user for their password to enable FileVault, it never actually enables. In this blog we’ll focus on how to enable FileVault encryption on Macs with Jamf Pro. Sep 2, 2024 · You can turn on FileVault encryption on computers in your environment using the built-in functionality in Jamf Pro. One thing I have noticed that is unique on this one device is that there are 3 partitions, If I activate the 'Allow users to bypass FileVault prompts at login' box with x attempts, the problem is that our technicians, when they open the session allowing them to prepare the computer, they have the window offering to activate or not Filevault Jan 20, 2023 · good day, I have created a new policy under JAMF which it activates the filevault disk encryption which works fine. 3 enrolled, got the profile deployed, and FileVault enabled and key escrowed to Jamf. I have the process working on several test Catalina devices.
As I understand what you're thinking, you want to then run a second separate fdesetup command: fdesetup enable -inputplist < /path/to/filename. Will Jamf take over the FileVault option when we turn this on or do we need to make sure FileVault is turned off Jan 4, 2022 · Hello we are pushing Jamf Connect as a prestage. This is handy if you forget the password to the Mac and still need to get access. Select the Local Accounts payload and click Configure. Jamf recon/policy in terminal Jamf shows the device as not encrypted. I've also seen this sometimes change to show Enabled before reverting back to Not Enabled again. Jan 2, 2015 · Does anyone have an EA check to see if the bootvolume is already Core Storage?. Mar 1, 2023 · FileVault has already been enabled via that policy on this particular device. These machines have all been on macOS 14. FV should be enabled during setup, we use DEP Notify and it has a piece after running where it asks to l Thanks. All is well, except we cannot add other authorized users to fileVault using the FileVault System Preferences --> Enable Users button. 10.
Jan 25, 2019 · Just wanted to share this. plist. We also have a local admin account created on all the machines and that account has a secure token and FV2 shows enabled for that account in Jamf. login > Enable Filevault: True Aug 24, 2023 · Thank you. Mar 3, 2020 · We are working on getting FileVault enabled. This deployment mode would be typically what you would want for a one to one user deployment. If you have an MDM, you need to be using a Configuration Profile to enable FileVault. I was told by Apple and Jamf that fdesetup is not deprecated (the FV2 Sys Pref Pane and the FV2 profile actually run this command under the hood actually based on what Jamf told me), but a profile is recommended for enabling and managing FV2 via MDM (which we do), but removing a FV2 profile doesn't disable FileVault, hence my inquiry into researching the possibility if a situation Oct 9, 2019 · Same here, also a policy to enable at logout doesn't seem to work. Feb 14, 2018 · Redirecting Personal Recovery Keys to macOS 10.