Forum Discussion
Compliance mark computer OK for Bitlocker even if not enabled
Hi all,
I've been wondering for some time already whether it is a bug.. or I miss something ...
I have a compliance policy that includes checking for Bitlocker (Device Health -> Bitlocker:Required). However, I've found out that when a new computer is enrolled, the device is marked as compliant. When I check for particular compliance policy setting, Bitlocker is showing Compliant. And this is for computers that DO NOT have bitlocker enabled at all...
UPDATE:
When I check devices via "Monitor->Encryption report", the status for devices without bitlocker seems to be ok there as it shows "Not encrypted"...
What is the purpose of Compliance "Bitlocker" check and does it work differently than "Monitor"?
Why is it showing compliant then?
3 Replies
- Mmmm ... just wondering by how does your default compliance settings look like?
https://learn.microsoft.com/en-us/mem/intune/protect/device-compliance-get-started#compliance-policy-settings
Mark devices without compliance policy as? maybe at that point in time, the device doesn't had the possibility to sync/report/checkin properly
Or any grace periods configured? should the device be marked not compliant immediately or?
I assume that after a reboot or a while the device would be mark not compliant?- thanks for mentioning "Compliance policy settings" .. I was not aware of that... I've changed "Mark devices with no compliance policy assigned as" ....from "Compliant" to "Not Compliant"...
I would say this was the issue... Will see if better when adding new computer next time 🙂
Btw, I have device compliance policy Action to mark devices as noncompliant immediately.- Yep... mentioning that one in an older blog
https://call4cloud.nl/2021/06/blood-sweat-and-built-in-compliance-policies/#part1
But yeah i would start with that one first 🙂 ... reenroll a device again to see what changed
