Working on a project to deploy FileVault + PRK Key Escrow to all MacOS endpoints. Problem is some endpoints either FileVault encrypted before receiving the Key Escrow profile or they just never sent the Recovery Key to Meraki. I know I can create a Security Policy that detects if a MacOS endpoint is encrypted and also in the Devices page add a column and sort based on encryption status on/off. But I want to sort/filter on specifically FileVault enabled encrypted devices that do not have their key stored in the Meraki Key Escrow. Does anyone know a way to do this?