I have this issue too. I found one solution, but this process is very unhappy :-(
1. Find the user account via ePO query > EE: Users
2. Delete all users from this account and set in the group users > Inheritance broken: True
3. Use a wake-up call from ePO; after the deploy on the client, push events from the client, and now the policy will be deployed correctly and the client will start decrypting.
Be careful! You can't restart the computer at the moment, because there aren't any users in the local token. I recommend enabling automatic boot in the policy.
Please give me feedback if these steps were helpful for you.