We have a user already enabled FileVault2 before enrolling Casper encryption policy. Here is the simple steps to inject our institutional key into their macs:
- Create a new configuration profile, in “FileVault Key Redirection” payload choose “Automatically redirect recovery keys to the JSS” and then apply to the macs you want to inject enryption:
- Apply this script into Casper and publish into self service, then you can ask your users to type in their password to enroll into your own institutional encryption.