sumo83
Iron Contributor
Feb 19, 2024

BitLocker pushed via Intune does not work

Hello,

I'm trying to set up silent BitLocker deployment via Intune -> Endpoint Security -> Disk Encryption. I have assigned a testing machine to it but it doesn't seem to enable BitLocker at all on the machine. I am attaching the configuration. We are in a hybrid scenario and the computer is hybrid joined...

Now...

  • I can see the policy SUCCEEDED in Intune... also the "Per setting status" report shows all successful
  • the laptop has only one drive - the OS drive - and it is not encrypted
  • in Event Viewer, I see "Bitlocker CSP: OS Drive not protected"
  • before, I also saw "encryption type not supported" when I had "Full encryption" enabled. After changing it to "Used data only" this warning does not appear anymore

I have forced a sync from the laptop... also restarted a few times already... but the drive still does not have BitLocker turned on. Btw, it is a fresh new laptop.

Any advice? Am I missing anything here?

UPDATE:

I see one more warning in Event Viewer that is related to BitLocker: "BitLocker CSP: GetDeviceEncryptionComplianceStatus indicates OSV is not compliant with returned status 0x106"

Regards,

Michal
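
Added example (not part of the original post or of Microsoft's tooling): a PowerShell sketch that puts the two observations above side by side on the device itself, the real state of the OS volume and the "BitLocker CSP" messages from Event Viewer. The event channel name is an assumption about where those messages are logged; the 7-day window is arbitrary.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session on the affected device.
# Assumption: the "BitLocker CSP" messages quoted in the post are written to this channel
# (Event Viewer > Applications and Services Logs > Microsoft > Windows > BitLocker-API > Management).
$logName = 'Microsoft-Windows-BitLocker/BitLocker Management'
$osDrive = $env:SystemDrive
$since   = (Get-Date).AddDays(-7)   # arbitrary look-back window

# 1. State of the OS volume as Windows sees it, independent of what Intune reports.
$volume = Get-BitLockerVolume -MountPoint $osDrive
$volumeState = [pscustomobject]@{
    Computer         = $env:COMPUTERNAME
    MountPoint       = $volume.MountPoint
    VolumeStatus     = $volume.VolumeStatus
    ProtectionStatus = $volume.ProtectionStatus
    EncryptionMethod = $volume.EncryptionMethod
    EncryptedPercent = $volume.EncryptionPercentage
    KeyProtectors    = ($volume.KeyProtector | ForEach-Object { $_.KeyProtectorType }) -join ', '
}

# 2. BitLocker CSP messages from the management channel, grouped by event ID so that
#    repeated warnings collapse into one row each.
$cspEvents = @(Get-WinEvent -FilterHashtable @{ LogName = $logName; StartTime = $since } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like '*BitLocker CSP*' })

$cspSummary = $cspEvents | Group-Object -Property Id | ForEach-Object {
    $latest = $_.Group | Sort-Object -Property TimeCreated -Descending | Select-Object -First 1
    [pscustomobject]@{
        EventId  = $_.Name
        Level    = $latest.LevelDisplayName
        Count    = $_.Count
        LastSeen = $latest.TimeCreated
        Message  = ($latest.Message -split "`r?`n")[0]   # first line of the message only
    }
}

$volumeState | Format-List
if ($cspSummary) {
    $cspSummary | Sort-Object -Property LastSeen -Descending | Format-Table -AutoSize -Wrap
} else {
    Write-Output "No BitLocker CSP events found in '$logName' since $since."
}
```

Saving the output from a device that encrypts and from one that does not gives a concrete pair to compare.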

12 Replies

  • G_Man
    Copper Contributor

    Hi, did you ever fix this? We have the same issue but we are Entra joined only. Identical models, some encrypt, some don't. Go figure....

    • sumo83
      Iron Contributor
      thanks for sharing this... Need to move us to full cloud and get rid of hybrid as soon as I can 🙂

      was trying to avoid GPO 🙂 ... Is this an intrusive GPO to existing machines? If I deploy the GPO to devices that already have BitLocker running, would there be anything I should be aware of?
  • Hi Michal,

    I had a few challenges with the "Configure encryption methods". When I set these to not configured, BitLocker worked on the test device.

    Maybe it helps?

    Kind Regards,
    Tom
    • sumo83
      Iron Contributor
      Hi Tom... thanks for the advice... I've changed that one to "Not Configured"... but it didn't help so far... Will leave it for a few hours and check again...