Hello @gnishilda ,
On recent macOS versions, especially on Apple Silicon Macs, the logged-in user must have a macOS Secure Token to authorize and initiate FileVault encryption. If the target user does not have a Secure Token, FileVault activation through policy can fail even if the Hexnode policy is configured correctly.
You can verify the Secure Token status on the Mac by running the following command in Terminal:
sysadminctl -secureTokenStatus <username>
If the result shows that Secure Token is disabled for the target user, pass a Secure Token from an admin account that already has one:
sudo sysadminctl -adminUser <admin_username> -adminPassword <admin_password> -secureTokenOn <target_username> -password <target_user_password>
After enabling Secure Token for the target user, re-push or reapply the FileVault policy from Hexnode and check whether FileVault starts encrypting.
Regards,
Simon Scott
Hexnode UEm