When macOS 15 (aka Sequoia) came out, we found that a lot of computers (almost 30%) in our fleet had their FileVault keys regenerated, rendering them Invalid and out of date in Jamf. This meant we couldn’t access computers if people forgot their passwords, or if we needed to access a past employee’s computer before we wiped it.
Escrow Buddy is a tool that facilitates the automatic regeneration and escrowing of FileVault keys without user intervention. No one even needs to know it’s happening.
To make it work, we needed a Smart Group that listed Macs without valid keys, a configuration profile to enable escrowing on the local computer, and policies to install Escrow Buddy and tell it to regenerate the key.
Tuesday, February 11th, 2025
2025-02-11