The following are the Encryption Management for Apple FileVault issues and limitations.
After upgrading Mac OS to 10.13.1, Encryption Management for Apple FileVault may not start encryption if the domain user doesn't have a "secure token" to enable FileVault. Administrators may need to manually apply a secure token to the mobile account. For details, refer to the following Knowledge Base entry:
After Encryption Management for FileVault receives the Kill command from PolicyServer , all the user passwords on that device are reset to random characters. However, due to a Mac OS 10.10 security design , the Kill function may become "locked", and users are unable to unlock FileVault on that device.