The bootstrap token is a mechanism introduced by Apple to help MDM solutions automatically grant SecureToken to managed accounts. Apple specifies that escrow of a bootstrap token requires the device to be supervised. Without supervision, MDM cannot request or store the bootstrap token. This token becomes critical when enabling FileVault, since new accounts may need SecureToken for disk unlock. By escrowing the bootstrap token, MDM ensures accounts created later (e.g., through identity integration or Jamf Connect) can automatically receive SecureToken. This simplifies administration and prevents situations where FileVault cannot be enabled due to missing tokens.