Forum Discussion
Bitlocker Encryption with AutoPilot Deployment (Non SCCM, Cloud ECM only)
Hi we are leveraging a config profile to encrypt our computers after Autopilot Enrollment. XTS-AES 256-bit used space only. The issue that we are seeing is that some of our PCs encrypt with 128 only...
SteveThomas
Microsoft
MicrosoftI would also verify that all the devices firmware is up to date. This Customer Success article may also be helpful in gathering additional data - especially if you open a support case, which is also recommended. https://techcommunity.microsoft.com/t5/intune-customer-success/support-tip-troubleshooting-bitlocker-policies-in-microsoft/ba-p/863670
- Thank you. I have read through this. The Hardware, OS 21H2, Firmware, TPM, and relevant BIOS settings are intact. We can decrypt the drive, then let the config profile kick in and it will Encrpyt properly. This mostly seems to happen when the device is Pre-Provisioned. We don't use any preprovisioning packages.
- Jason_SandysHow is the device registered in Autopilot and how long are you waiting after it is registered to begin the Autopilot process?
- It is usally registered for a couple of daye. The deployment profile is assigned through the Dynamic groupa and Group Tag. We wait for the peofile to say assigned.
