HexCon is coming to NYC. Catch the early-bird price before the time's up! Book me a spot

Migrate device encryption to HexnodeSolved

3 years ago

Hey everyone, we’ve been thinking of changing our MDM from Jamf to Hexnode. So currently all our Macs are encrypted and the personal recovery keys are escrowed in jamf. We were wondering if there’s a way to migrate these keys to hexnode maybe? Any advice around how to make the whole encryption process smooth is greatly appreciated!

Replies (1)

Marked SolutionPending Review
Hexnode Expert
3 years ago
Marked SolutionPending Review

@gnishilda  We appreciate you reaching out to us!

Unfortunately, the escrowed personal recovery keys in Jamf cannot be migrated to the Hexnode UEM console. However, since the devices are already encrypted, you can set up a new FileVault personal recovery key after enrolling the devices in Hexnode UEM.

Here’s how you can go about it:

  1. After enrolling the device in Hexnode UEM, run the command sudo fdesetup changerecovery –personal in the device Terminal to generate a new recovery key.
  2. Next, open the Hexnode MDM agent app on the Mac and click on the Sync button.
  3. Now log in to the Hexnode portal.
  4. Navigate to the Manage tab. Select your devices and execute the Scan Device action.
  5. Go to Device Summary > Device Info > Security Info > FileVault Recovery Key.
  6. Here you may select the option ‘Decrypt FileVault Recovery Key’ and choose the method of encryption used. Click on Decrypt.

Finally, the new FileVault recovery key will be displayed under Security Info > FileVault Recovery Key.

Please refer to FileVault decryption on an already encrypted Mac for further details.

Hope this solves your query. Do reach out if you have any further queries.

Emma Jones
Hexnode UEM