Forum Discussion

neilcarden's avatar
neilcarden
Brass Contributor
Jun 07, 2019

AutoPilot silent encryption Surface Pro 6 failing

Hi, has anyone had any joy enrolling Surface Pros with Autopilot enabling bitlocker silently?
I have the enrolment profile as the enrolee as a non-admin and bitlocker encryption allowed by non-admins.
I have ‘allow TPM’ and ‘allow TPM and PIN’ (and have tried various different combinations) configured as we want to use a PIN on boot.
When it goes through the enrol it completes and loads Windows, and bitlocker is off. When I try to enable manually it fails due to group policy issue. The Event viewer says ‘cannot silently encrypt due to the lack of keyboard’. I have tried with keyboard disconnected, connected, external keyboard via Surface docker...
Am I missing something obvious? I can’t find any documentation or articles that offer any solutions...
Thanks in advance.
Neil
    • neilcarden's avatar
      neilcarden
      Brass Contributor
      It varies... have tried Pro and Enterprise both 1803 and 1809. Also tried a Surface straight out of the box and OS installed from USB media... and lots of resets!!
      • dotjesper's avatar
        dotjesper
        MVP

        Hi neilcarden,

        Sounds strange - I do not have access to a Surface Pro 6, so I am not able to replicate. However I am aware of an issue with the 1809 RTM media was causing the disk layout to be wrongly configured causing BitLocker to fail encryption as part of the AAD join. The issue is fixed with the most recent Windows 10 1809 ISO (January 2019). Any chance you are reusing the disk layout from a Windows 10 1809 RTM version?

         

        --Jesper

         

Resources