How to deal with FileVault that keeps locking users out?
So we have had about one report a week for the past few months with users swearing they entered their correct password but FileVault refuses to unlock/acknowledge the password. At first I thought it was just user error, but it keeps happening to more and more users and I'm honestly out of ideas for what could be causing this.
For environment reference, we use Intune and XCreds for account deployment, as we never physically touch the machines: they are shipped directly to end users and enrolled via ABM. Intune sets up a hidden admin account; the user account gets created by XCreds and receives the first and only Secure Token on the system. Users are Standard users and not local admins.
I suspect some fuckery with Secure Token BS but can't narrow it down or actually check, as I have no physical access to any user machines since we are all remote, and since they can't get past the FileVault screen there is no way to assist them remotely.
As the recovery key would enable them to reset the password for the local admin account and as such escalate privileges, our only option is to wipe their machines, but this is not optimal as the issue seems to be affecting more and more users each day.