Orion-Skol
Brass Contributor
Jun 25, 2020
Solved

After AutoPilot, devices showing Require BitLocker Not Compliant

Windows 1909 (OS Build: 18363.900).

Surface Book 2

No Config Manager. All Azure AD. No on-premises servers.

Folks,

when Autopilot is done and the user logs in, the device in Intune is showing

Require BitLocker
Not Compliant

It's been overnight; when I checked manage-bde status, it is showing:

Disk volumes that can be protected with
BitLocker Drive Encryption:
Volume C: [Local Disk]
[OS Volume]

Size: 952.72 GB
BitLocker Version: 2.0
Conversion Status: Used Space Only Encrypted
Percentage Encrypted: 100.0%
Encryption Method: XTS-AES 128
Protection Status: Protection On
Lock Status: Unlocked
Identification Field: Unknown
Key Protectors:

      Numerical Password
      TPM

It's been over 15 hours, but still non-compliant. Any thoughts / suggestions?

8 Replies

    • I agree with RuskinF, most of the time updating drivers and firmware resolves these issues. Only very old devices 5+ years may have problems which are unresolvable, but they are in general TPM 1.2 and dated in terms of updated firmware etc. So, go ahead and update the drivers and firmware and check for compliance again.

      • Orion-Skol
        Brass Contributor
        You guys were right. I thought for Surface all drivers and firmware updates from Windows Update and Windows were all up to date, but apparently not. So I had to download drivers (MSI file from Microsoft). Installed on 3 different models and they are all showing compliant...

        So now I have created dynamic model groups in AAD, created apps for all models' drivers, assigned to groups... seems to be working great.... Thanks for all the help...
    • Orion-Skol
      Brass Contributor

      PKlapwijk that was the first thing I checked. As I mentioned, when I ran manage-bde -status

      it is showing percentage encrypted 100%, used space only encrypted, XTS-AES 128

      Swaminathan_Arumugam Just volume C drive

  • Orion-Skol Have a look at the BitLocker event logs to see what's happening on the device. Sometimes you see, for example, a message that Secure Boot isn't turned on, and an extra reboot solves the issue.

  • Moe_Kinani
    Bronze Contributor
    Hi Arif,

    First thing that came to my mind is a TPM or BIOS issue. Have you met the prerequisites, like the latest BIOS update and TPM 2.0 with ready status?

    Moe
    • Orion-Skol
      Brass Contributor

      Moe_Kinani

      Thanks for your reply. It is a Surface Book 2 and other Surface Books. They are all updated; I tested on 4 computers and all are showing not compliant...
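
The checks the replies ask for (TPM 2.0 ready status, Secure Boot, firmware level, BitLocker event log) can be collected in one read-only pass. The PowerShell below is an added example, not part of the original thread; the function names are hypothetical, and it assumes an elevated session on the affected Windows 10 device.

```powershell
#Requires -RunAsAdministrator
# Added example: gathers the facts the replies in this thread ask about.
# Read-only; it changes nothing on the device. Function names are hypothetical.

function Get-BitLockerReadiness {
    param([string]$MountPoint = $env:SystemDrive)

    # TPM presence and ready state (the "TPM 2.0 with ready status" question)
    $tpm    = Get-Tpm
    $tpmWmi = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                              -ClassName Win32_Tpm -ErrorAction SilentlyContinue

    # Confirm-SecureBootUEFI throws on legacy BIOS systems; report that case explicitly
    try   { $secureBoot = Confirm-SecureBootUEFI }
    catch { $secureBoot = 'NotSupported' }

    # Same data as manage-bde -status, returned as objects
    $vol = Get-BitLockerVolume -MountPoint $MountPoint

    # Installed firmware version and date, to compare with the vendor's current release
    $bios = Get-CimInstance -ClassName Win32_BIOS

    [pscustomobject]@{
        TpmPresent       = $tpm.TpmPresent
        TpmReady         = $tpm.TpmReady
        TpmSpecVersion   = $tpmWmi.SpecVersion
        SecureBoot       = $secureBoot
        VolumeStatus     = $vol.VolumeStatus
        ProtectionStatus = $vol.ProtectionStatus
        EncryptionMethod = $vol.EncryptionMethod
        KeyProtectors    = ($vol.KeyProtector.KeyProtectorType -join ', ')
        FirmwareVersion  = $bios.SMBIOSBIOSVersion
        FirmwareDate     = $bios.ReleaseDate
    }
}

function Get-BitLockerRecentEvents {
    param([int]$MaxEvents = 20)
    # Levels 1-3 = Critical, Error, Warning in the BitLocker management channel
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-BitLocker/BitLocker Management'
        Level   = 1, 2, 3
    } -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, LevelDisplayName, Message
}

Get-BitLockerReadiness    | Format-List
Get-BitLockerRecentEvents | Format-List
```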
