Jun 07 2019 01:23 PM
Jun 07 2019 01:23 PM
Jun 09 2019 05:37 AM
Which version of Windows 10 are you using, and if installed from media, which media are you using?
Jun 09 2019 05:53 AM
Jun 10 2019 12:45 AM
Sounds strange - I do not have access to a Surface Pro 6, so I am not able to replicate. However I am aware of an issue with the 1809 RTM media was causing the disk layout to be wrongly configured causing BitLocker to fail encryption as part of the AAD join. The issue is fixed with the most recent Windows 10 1809 ISO (January 2019). Any chance you are reusing the disk layout from a Windows 10 1809 RTM version?
Jun 10 2019 01:15 AM
Hi, I will try and find out. I may try it with 1903, then at least that rules out AutoPilot/InTune config if it works...
Thanks for the responses so far.
Jun 17 2019 01:38 AM
So I tried with a fresh 1903 version and getting this issue in event viewer:
"Failed to automatically enable device encryption.
Error message: Group policy does not permit the use of TPM-only at startup. Please choose a different bitlocker option."
The thing is its not set to TPM-only, its set to Startup PIN with TPM.
Jul 22 2019 10:33 AM
I'm having this exact same error when trying to Autopilot with a standard user using a PIN.
Did you ever come across a resolution?
Jul 23 2019 12:47 PM
No! To be honest I have been busy with other things, but I hope to go back to it... Very frustrating. Do you get an error in the event logs about not finding a keyboard when it tries to encrypt?
Jul 23 2019 12:58 PM
Honestly, Intune has been an absolute disaster to implement. Something will work one time and then never again even though settings haven't changed.
I don't get a finding keyboard error probably because I'm not using Surface. I get the following, or combinations of the following:
MDM ConfigurationManager: Command failure status. Configuraton Source ID: (6AAEC661-2BD6-4F50-A880-0A4634592183), Enrollment Type: (MDMDeviceWithAAD), CSP Name: (BitLocker), Command Type: (Clear: first phase of Delete), Result: (./Device/Vendor/MSFT/BitLocker/SystemDrivesRequireStartupAuthentication).
Group policy does not permit the use of TPM-only at startup. Please choose a different BitLocker startup option..
Cannot use secure boot for integrity because the uefi variable pk is not present
Jul 23 2019 01:08 PM