Windows Office Hours: May 18, 2023
Thursday, May 18, 2023, 08:00 AM PDT
Get answers to your questions about adopting Windows 11 and managing the Windows devices used by remote, onsite, and hybrid workers across your organization. Get tips on keeping devices up to date ef...
Heather_Poulsen
Updated May 18, 2023
Howdy412, May 18, 2023 (Casual Reader)
We deployed a test policy using the Disk encryption section of Intune (depicted below). The test device initially received the policy and encrypted as expected. I then manually removed the encryption from the endpoint and reapplied the same policy. Intune shows the policy successfully deployed, but it will not re-encrypt the OS drive. Any ideas?
- Joe_Lurie, May 18, 2023 (Microsoft)
Howdy412 Hi Tyler, thanks for reaching out. Encryption is a policy that will not reapply once it shows as successfully applied. Best bet is to create a duplication of the policy and apply the new policy to the device. And to remove admin rights from the user so that they cannot decrypt the drive.
You should also create a compliance policy and conditional access policy requiring encryption so that they cannot access resources when decrypted, and possibly a Remediation script (formerly known as Proactive Remediation). With the Remediation script you create a "detection" script checking for encryption, and a "Remediation" script which could run manage-bde to encrypt if it's not encrypted.
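A sketch of the detection and remediation pair described in the reply above, as an added example that is not part of the original thread or Microsoft's own script. The two file names and the `Invoke-ManageBde` helper are hypothetical; it assumes a TPM-equipped, Entra-joined device and that both scripts run as SYSTEM in 64-bit PowerShell, and the two parts are saved as separate files.

```powershell
# ==== File 1: Detect-BitLocker.ps1 (hypothetical name) ====
# Intune runs the remediation script only when detection exits with 1.
try {
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
    $ok  = ($vol.VolumeStatus -eq 'FullyEncrypted' -and $vol.ProtectionStatus -eq 'On') -or
           ($vol.VolumeStatus -eq 'EncryptionInProgress')   # already converting: do not re-trigger
    Write-Output "$($vol.MountPoint) status=$($vol.VolumeStatus) protection=$($vol.ProtectionStatus)"
    if ($ok) { exit 0 } else { exit 1 }
} catch {
    Write-Output "Detection failed: $($_.Exception.Message)"
    exit 1
}

# ==== File 2: Remediate-BitLocker.ps1 (hypothetical name) ====
$drive = $env:SystemDrive

function Invoke-ManageBde {
    param([string[]]$BdeArgs)
    # Output is discarded: manage-bde prints the recovery password when it adds one,
    # and script output is uploaded to the Intune console.
    & manage-bde.exe @BdeArgs | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "manage-bde $($BdeArgs -join ' ') failed ($LASTEXITCODE)" }
}

try {
    # A fully decrypted volume may have no protectors left; add only what is missing.
    $types = (Get-BitLockerVolume -MountPoint $drive -ErrorAction Stop).KeyProtector.KeyProtectorType
    if ($types -notcontains 'Tpm')              { Invoke-ManageBde -BdeArgs '-protectors', '-add', $drive, '-tpm' }
    if ($types -notcontains 'RecoveryPassword') { Invoke-ManageBde -BdeArgs '-protectors', '-add', $drive, '-RecoveryPassword' }

    # Escrow the recovery password to Entra ID before encryption starts,
    # so the device is never encrypted without a recoverable key.
    $rp = (Get-BitLockerVolume -MountPoint $drive).KeyProtector |
          Where-Object KeyProtectorType -eq 'RecoveryPassword' | Select-Object -First 1
    BackupToAAD-BitLockerKeyProtector -MountPoint $drive -KeyProtectorId $rp.KeyProtectorId -ErrorAction Stop | Out-Null

    Invoke-ManageBde -BdeArgs '-on', $drive, '-SkipHardwareTest'
    Write-Output "Encryption started on $drive"
    exit 0
} catch {
    Write-Output "Remediation failed: $($_.Exception.Message)"
    exit 1
}
```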
- Howdy412, May 18, 2023 (Casual Reader)
Hi Joe, I did try creating a duplicate of the policy. While again it shows it applied to the device, the drive remains unencrypted. Thank you for the tip on compliance policy and conditional access policies.
- R D, May 18, 2023 (Copper Contributor)
This page has some useful info that might help: https://learn.microsoft.com/en-us/troubleshoot/mem/intune/device-protection/troubleshoot-bitlocker-policies