danilbetagmailcom
Copper Contributor
Nov 26, 2021

BitLocker - devices assigned in Intune are not encrypted

In Endpoint Manager I added a BitLocker config, but encryption was not applied on some devices. Configuration status - Assignment Status: I see no errors for these devices, but Encrypted: none.


1 Reply

  • Mr_Helaas
    Iron Contributor

    Hi danilbetagmailcom,

     

    You can silently enable BitLocker on devices via Endpoint security -> Disk encryption.

     

    You can configure the settings below.

     

     

     

    Device Prerequisites:

    A device must meet the following conditions to be eligible for silently enabling BitLocker:

    • If end users log in to the devices as Administrators, the device must run Windows 10 version 1803 or later, or Windows 11.
    • If end users log in to the devices as Standard Users, the device must run Windows 10 version 1809 or later, or Windows 11.
    • The device must be Azure AD Joined or Hybrid Azure AD Joined.
    • Device must contain at least TPM (Trusted Platform Module) 1.2.
    • The BIOS mode must be set to Native UEFI only.

    Source: Encrypt Windows devices with BitLocker in Intune - Microsoft Intune | Microsoft Docs

     

     

    To monitor the device encryption, you can check the following Microsoft documentation:
    Encryption report for encrypted devices in Microsoft Intune - Microsoft Intune | Microsoft Docs

     

    I hope this will help you, and please let me know if you have more questions.

    If this fixes your problem, please mark my answer as the solution.

     

    With kind regards,

     

    Rene
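
The prerequisites listed in the reply above can be checked on a device that stayed unencrypted with a short script. This is an added example, not part of the original posts or of Microsoft's documentation. It assumes an elevated PowerShell session on the device. The build numbers are the public builds for Windows 10 1803 and 1809, and the output property names are made up for this example.

```powershell
# Added example: checks the silent-BitLocker prerequisites from the reply on the local device.
# Run elevated. Build mapping: Windows 10 1803 = 17134, 1809 = 17763 (Windows 11 builds are higher).
$build = [System.Environment]::OSVersion.Version.Build

# Join state: dsregcmd prints "AzureAdJoined : YES" and "DomainJoined : YES".
# Hybrid Azure AD Joined means both are YES.
$dsreg        = dsregcmd.exe /status
$aadJoined    = [bool]($dsreg -match 'AzureAdJoined\s*:\s*YES')
$domainJoined = [bool]($dsreg -match 'DomainJoined\s*:\s*YES')

# TPM: SpecVersion looks like "2.0, 0, 1.38"; the first field is the spec version.
# $tpm stays $null when no TPM is exposed to Windows.
$tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                       -ClassName Win32_Tpm -ErrorAction SilentlyContinue
$tpmVersion = $null
if ($tpm -and $tpm.SpecVersion) {
    # -as returns $null instead of throwing if the field is not a version string
    $tpmVersion = (($tpm.SpecVersion -split ',')[0].Trim()) -as [version]
}

# Firmware: reports how Windows was booted (Uefi or Bios). It cannot show
# whether a legacy/CSM option is still enabled in the firmware setup.
$firmware = (Get-ComputerInfo -Property BiosFirmwareType).BiosFirmwareType

# Current encryption state of the OS volume, to compare with the Intune report.
$vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction SilentlyContinue

[pscustomobject]@{
    OsBuild              = $build
    OsOkForAdminUsers    = $build -ge 17134      # 1803 or later
    OsOkForStandardUsers = $build -ge 17763      # 1809 or later
    AzureAdJoined        = $aadJoined
    HybridJoined         = $aadJoined -and $domainJoined
    TpmSpecVersion       = $tpmVersion
    TpmAtLeast12         = [bool]($tpmVersion -and $tpmVersion -ge [version]'1.2')
    FirmwareType         = $firmware
    FirmwareIsUefi       = $firmware -eq 'Uefi'
    OsVolumeStatus       = $vol.VolumeStatus
    OsProtectionStatus   = $vol.ProtectionStatus
}
```

Any `False` among the checks points at the prerequisite to fix first on that device.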

     

     
