Forum Discussion

Brass Contributor

Nov 26, 2020

MEM Intune Endpoint Security Bitlocker troubleshooting

Hi, trying to figure out why I keep seeing the following when trying to encrypt my devices with endpoint security. What does not applicable mean? Is there any logs I can check or event viewer ent...

Intune

lalanc01

Iron Contributor

Jan 14, 2021

Stephane Lalancette just found this while searching for ideas:

The silent enable portion is half azz · Issue #255 · MicrosoftDocs/memdocs · GitHub

It seems like it might not be supported to do HAAD silent encryption with MEM.

I have a support call opened to verify this and will post findings here.

Thijs Lecomte

Bronze Contributor

Jan 15, 2021

Just confirming that this is indeed not possible on Hybrid devices.
You need to enable it another way (for example SCCM or Powershell)

lalanc01
Iron Contributor
Feb 08, 2021
Thijs Lecomte while working with MS support they've told us that HAAD silent bitlocker is really supported.
Still working with them to understand how. Currently the only way to make it work is to not set the user as admin.

For unknown reasons, when the user is admin we get a permission issue. MS support is not able to reproduce the issue at the moment, so the investigation is ongoing.
Ivan Webb
Brass Contributor
Feb 08, 2021
Thijs Lecomte We have been trying to do this for Azure AD joined devices and are not able to make it work reliably.
Currently MS "Premier Support" have had the ticket for over 3 months and they still can't make it work.

Rapidly loosing ANY faith in Intune managed BitLocker. It just seems that it is far too flaky for Enterprise use.