FileVault Recovery Key Escrow

FileVault is Enabled but my Recovery Key is Not Displaying in Jamf Now

For Jamf Now to successfully store a FileVault recovery key, the Mac must be managed by Jamf Now during the time of encryption. In the case where the Mac was encrypted prior to being managed by Jamf Now, a few additional steps must be taken to get the FileVault recovery key stored in Jamf Now successfully. 


Ensure the Enable FileVault checkbox is selected under the Security tab of the Blueprint associated with the Mac in Jamf Now.

Ensure the Mac has received the correct profiles under System Preferences > Profiles on the Mac.

Generating a New FileVault Recovery Key for Jamf Now Storage

1. Open the Terminal application on the Mac.

2. Run the following command in Terminal:

sudo fdesetup changerecovery -personal

3. Complete the follow-up prompts in Terminal, including the local account user name and password.

Once complete, you should see the new FileVault recovery key displayed within the Terminal session, like the example shown in the screen shot below.

4. Log in to Jamf Now.

5. Click Devices, and then select the appropriate device.

6. Click Sync in the upper right-hand corner.

Once the Mac inventories with Jamf Now, the recovery key in the screen shot below should be shown in the Jamf Now console.