Forum Discussion
jdseymour1978
Aug 04, 2021 | Brass Contributor
BitLocker Silent Encryption not enabling for standard user
Hello Intune Community, I'm looking for some assistance with our Intune/Autopilot configuration please. For the life of me, I can't get BitLocker Silent Encryption to enable for a standard user d...
Nathan Blasac
Sep 01, 2021 | Iron Contributor
This specific error is related to the key rotation setting. I would disable that in your encryption policy and try again.
jdseymour1978
Sep 05, 2021 | Brass Contributor
Thanks for your reply and suggestion Nathan. I've now tried with:
Configure client-driven recovery password rotation: Not configured
Compatible TPM startup: Allowed
Compatible TPM startup PIN: Allowed
Compatible TPM startup key: Blocked
Compatible TPM startup key and PIN: Blocked
Recovery key file creation: Allowed
Require device to back up recovery information to Azure AD: Yes
Recovery password creation: Allowed
Enable BitLocker after recovery information to store: Yes
Block the use of certificate-based data recovery agent (DRA): Not configured
With still the same symptoms - no automatic BitLocker enablement when using Whiteglove and signing in as a Standard User UNTIL I then switch user to an Admin
- Sep 05, 2021 | Hi, did you take a look at the PM I sent some time ago? To try it with a PowerShell script/Win32 app instead of a device configuration policy? I know it's better to use a device configuration profile... but maybe it can help you to rule some stuff out.