homebysix / jss-filevault-reissue

A framework for re-escrowing missing or invalid FileVault keys with Jamf Pro.
Apache License 2.0
186 stars 56 forks

Update configuration profile payload for 10.13+ #30

Open jdemaio opened 4 years ago

jdemaio commented 4 years ago

It might be helpful to include information regarding the updates done to the Security & Privacy payload when 10.13 was released. I was trying to use this script but kept running into issues with my config profile that used the old FileVault Recovery Key Redirection payload. Referenced here https://docs.jamf.com/9.101.0/casper-suite/release-notes/What%27s_New_in_This_Release.html

Security & Privacy

New options have been added to the FileVault tab on the Security & Privacy payload to enable and manage the personal FileVault recovery key. In addition, you can use the new Recovery Key Encryption Method option to choose the method the JSS will use for encrypting and decrypting the personal recovery key. For more information, see the following Knowledge Base article: Configuration Profiles Reference.

Note: On macOS 10.13 or later, you must use these options instead of the FileVault Recovery Key Redirection payload which is not supported on macOS 10.13. However, you must continue to use the FileVault Recovery Key Redirection payload to manage the personal FileVault recovery key for computers with macOS 10.12 or earlier.

pythoninthegrass commented 3 years ago

Good call @jdemaio. In my environment, the script never escrowed with the deprecated config profile scoped. Had to unscope, double-checked our Security and Privacy payload, and it worked with just institutional recovery key and escrow enabled.

Incidentally, it gets filed as a personal recovery key in Jamf while no institutional recovery key is present. Probably due to how it's generated as a personal key: fdesetup changerecovery -norecoverykey -verbose -personal -inputplist.
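The comment above quotes the fdesetup invocation the script relies on. As an added illustration (not code from jss-filevault-reissue or from either commenter), the following bash functions show the two halves of that step: building the stdin plist that `-inputplist` expects, so the user's password never appears on the command line or in the process list, and extracting the newly issued personal recovery key from fdesetup's output so it can be escrowed. The Username/Password plist keys are what fdesetup reads; the six-groups-of-four key format is the standard personal recovery key shape; the sample output line in the test is constructed, and the function names are this example's own.

```shell
#!/bin/bash
# Added example, not the project's own code. Demonstrates the stdin-plist
# mechanism behind `fdesetup changerecovery -personal -inputplist` and a
# defensive parse of the result.

# Build the input plist fdesetup reads from stdin. Feeding credentials this
# way keeps the password out of `ps` output and shell history.
build_inputplist() {
  user="$1"
  # Escape the characters that would break the XML (assumption: passwords
  # are otherwise plain text).
  pass=$(printf '%s' "$2" | sed 's/&/\&amp;/g; s/</\&lt;/g; s/>/\&gt;/g')
  cat <<EOF
<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
    <key>Username</key>
    <string>${user}</string>
    <key>Password</key>
    <string>${pass}</string>
</dict>
</plist>
EOF
}

# Pull a personal recovery key (six groups of four A-Z/0-9 characters) out of
# fdesetup's output. Returns 1 when no key is present, so a caller cannot
# escrow an error message by mistake.
extract_recovery_key() {
  key=$(printf '%s\n' "$1" | grep -Eo '[A-Z0-9]{4}(-[A-Z0-9]{4}){5}' | head -n 1)
  [ -n "$key" ] || return 1
  printf '%s\n' "$key"
}

# Reissue the personal recovery key with the exact flags quoted in the thread.
# Only runs where fdesetup exists (macOS); prints the new key on success.
reissue_personal_key() {
  command -v fdesetup >/dev/null 2>&1 || {
    echo "fdesetup not found (macOS only)" >&2
    return 2
  }
  output=$(build_inputplist "$1" "$2" \
    | fdesetup changerecovery -norecoverykey -verbose -personal -inputplist 2>&1)
  extract_recovery_key "$output"
}
```

Usage on a Mac would be `reissue_personal_key "$loggedInUser" "$password"`, with the printed key handed to whatever escrows it (in this project's case, the Jamf inventory update that the Security & Privacy payload's escrow option picks up). Because `-norecoverykey` discards the previous key, the caller should treat a non-zero return as "no new key issued" and not overwrite any stored key.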