Forum Discussion

josvds's avatar
josvds
Brass Contributor
Jan 18, 2023

Intune compliance issues Windows 11 22H2

We have unboxed several new "HP ProBook 450 G9" devices and connected them to MDM with AutoPilot. We installed these devices and they should be marked compliant based on the settings we have applied to other devices as well. But these devices are all having the same issue with compliance, because they get "Require BitLocker" and "Require Secure Boot" failed.

 

 

We have installed all updates, we upgraded these devices to W11 22H2. We have checked but the disk is encrypted and we also checked the steps written on this page Secure boot enabled Windows 10 device shows Not Compliant in Intune - Intune | Microsoft Learn.

 

"manage-bde -protectors -get C:" returns

TPM:

      PCR Validation Profile:

        7, 11

 

"Get-Tpm" returns

TpmPresent                : True

TpmReady                  : True

TpmEnabled                : True

TpmActivated              : True

TpmOwned                  : True

RestartPending            : False

ManufacturerVersion       : 7.2.3.0                         

ManufacturerVersionFull20 : 7.2.3.0   

 

"Get-BitLockerVolume -MountPoint C" returns

VolumeType      Mount CapacityGB VolumeStatus           Encryption KeyProtector              AutoUnlock Protection

                Point                                   Percentage                           Enabled    Status    

----------      ----- ---------- ------------           ---------- ------------              ---------- ----------

OperatingSystem C:        237,29 FullyEncrypted         100        {RecoveryPassword, Tpm}              On        

 

"Confirm-SecureBootUEFI" returns

True

 

What can we do to fix this?

Resources