When connecting a device to iTunes or Finder, then syncing, the device can require backup files to be encrypted with a password even when Jamf Now's restriction for Force Encrypted Backups is not enabled.

This is expected behavior when a device has encrypted profiles installed on it, which occurs when the items below are configured on a blueprint:

Force Encrypted Backups being disabled in Jamf Now will not override iOS's behavior. Apple's documentation of MDM restrictions mentions the following under Force Encrypted Backups:

"Users can't choose whether device backups performed in the Finder (in macOS 10.15 or later), and iTunes (in macOS 10.14 or earlier) are stored in encrypted format on the users Mac. If any profile is encrypted and this option is turned off, encryption of backups is required and enforced by the Finder or iTunes. Profiles installed on the device by Profile Manager are never encrypted."

Since Apps, Restrictions, and Wallpaper do not install encrypted profiles, the Force Encrypted Backups setting will function as expected if they are configured on the blueprint.