How to approach implementing Escrow Buddy with pre-existing FileVault2 enforcement profile in Jamf Pro

macadmins / escrow-buddy

A macOS authorization plugin that helps MDM administrators ensure valid FileVault keys are escrowed for all their Macs.

Apache License 2.0

199 stars 11 forks source link

How to approach implementing Escrow Buddy with pre-existing FileVault2 enforcement profile in Jamf Pro #10

Closed jybarbo79 closed 8 months ago

jybarbo79 commented 8 months ago

Our Jamf Pro instance has already rolled out FV2 encryption enablement/enforcement configuration profiles and is set to escrow the PRK to Jamf Pro. How do I approach using Escrow Buddy to force encrypted endpoints with an invalid/unknown individual recovery key validation to escrow a new PRK? These endpoints with invalid/unknown recovery keys already have the existing FV2 config profile, and I'm worried that scoping an additional FV2 profile with the same settings will cause more issues.

homebysix commented 8 months ago

Hi @jybarbo79 - No need to scope an additional profile; just make sure your existing profile is scoped to all Macs. Then you can proceed with steps 2 and 3 of the deployment instructions.

jybarbo79 commented 8 months ago

Perfect! Thanks for the quick reply!