If your device was encrypted prior to Fleetsmith, or FileVault 2 was turned on manually, you can still take some steps to have your Recovery Key escrowed in Fleetsmith.
On each device perform the following:
- In the Fleetsmith Admin Console, remove FileVault 2 from whichever profile is assigned to the device.
- On the physical device, remove the FileVault profile from System Preferences > Profiles.
- Turn FileVault off (also known as decryption) by going to System Preferences > Security & Privacy > FileVault and clicking the “Turn Off Filevault…” button. (This may require you to click the Lock icon in the lower left hand corner of this window before being able to click the button.)
- In the Fleetsmith Admin Console, add FileVault 2 back to your profile.
- After some time, dependent on the device itself, the physical device should receive a "Restart" prompt from the Fleetsmith agent. Click the Fleetsmith "Restart" prompt to complete the encryption process.
- Once Fleetsmith re-encrypts the device, the "Managed" status will include a "Show Key" option.