Fleetsmith will only escrow FileVault 2 Recovery Keys for devices Fleetsmith encrypts.
Devices encrypted prior to Fleetsmith by another source—or devices with FileVault 2 manually turned on via "System Preferences"—will have a "Managed" Encryption status on a device's page and no Recovery Key will be available in the Fleetsmith web app.
To allow Fleetsmith to escrow a FileVault 2 Recovery Key:
1. On the physical device, manually turn off FileVault 2 via "System Preferences" > "Security & Privacy" > "FileVault".
2. Add FileVault 2 encryption to the profile the device belongs to.
3. Once FileVault 2 is ready to be enabled, you should receive a "Restart" prompt on the device from the Fleetsmith agent. Click the Fleetsmith "Restart" prompt to start the encryption process.
4. Once Fleetsmith re-encrypts the device, the "Managed" status will change to "Show Key".