BitLocker encryption not working on newly created Autopilot device

%3CLINGO-SUB%20id%3D%22lingo-sub-1747025%22%20slang%3D%22en-US%22%3EBitLocker%20encryption%20not%20working%20on%20newly%20created%20Autopilot%20device%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1747025%22%20slang%3D%22en-US%22%3E%3CP%3E%3CSPAN%3EHi%20Community%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EI%20am%20currently%20setting%20up%20Autopilot%20and%20want%20to%20enable%20BitLocker%20security%20at%20the%20point%20when%20the%20device%20is%20built%20or%20as%20a%20last%20resort%20could%20do%20post%20build.%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EUnfortunately%20I%20am%20unable%20to%20get%20my%20device%20to%20enable%20BitLocker%20for%20a%20start.%3C%2FP%3E%3CP%3EThe%20device%20is%20co-managed%20and%20I%20have%20created%20a%20policy%20in%20Intune.%3C%2FP%3E%3CP%3EWhen%20the%20device%20is%20built%20from%20an%20Autopilot%20reset%2C%20it%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%20class%3D%22IL_AD%22%3Edoesn't%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3Eseem%20to%20be%20enforcing%20BitLocker.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20also%20get%20an%20error%20in%20Intune%20device%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CSPAN%20class%3D%22IL_AD%22%3Eprofile%3C%2FSPAN%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3Esettings%20targeted%20for%20the%20device.%3C%2FP%3E%3CTABLE%3E%3CTBODY%3E%3CTR%3E%3CTD%3E%3CP%3E-2016281112%20(Remediation%20failed)%3C%2FP%3E%3C%2FTD%3E%3C%2FTR%3E%3C%2FTBODY%3E%3C%2FTABLE%3E%3CP%3EThe%20error%20code%20is%200x87d1fde8.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20include%20a%20screenshot%20of%20the%20settings%20defined%20in%20Intune.%20Ideally%20I%20want%20to%20set%20256%20bit%20encryption%20with%20a%20start-up%20PIN%20and%20the%20PIN%20stored%20in%20Azure%20AD.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20advice%20on%20what%20I%20am%20doing%20wrong%20would%20be%20greatly%20appreciated.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOn%20a%20side%20note%2C%20Should%20I%20be%20attaching%20this%20policy%20through%20endpoint%20security%20now%20going%20forward%3F%20I%20hear%20the%20older%20methods%20will%20become%20deprecated%20in%20the%20future.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3EMany%20Thanks%20for%20members%20support.%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3CDIV%20class%3D%22mceNonEditable%20lia-copypaste-placeholder%22%3E%26nbsp%3B%3C%2FDIV%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1747025%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1751877%22%20slang%3D%22en-US%22%3ERe%3A%20BitLocker%20encryption%20not%20working%20on%20newly%20created%20Autopilot%20device%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1751877%22%20slang%3D%22en-US%22%3EI%20have%20been%20using%20Silent%20Bitlocker%20which%20always%20works%20as%20expected%2C%20it%20could%20be%20something%20like%20BIOS%20needed%20to%20be%20up%20to%20date.%20Check%20this%20one%20out-%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fwww.inthecloud247.com%2Fwindows-10-failed-to-enable-silent-encryption%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fwww.inthecloud247.com%2Fwindows-10-failed-to-enable-silent-encryption%2F%3C%2FA%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1755439%22%20slang%3D%22en-US%22%3ERe%3A%20BitLocker%20encryption%20not%20working%20on%20newly%20created%20Autopilot%20device%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1755439%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F707989%22%20target%3D%22_blank%22%3E%40isotonic_uk%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3ECan%20you%20take%20a%20look%20at%20the%20BitLocker%20event%20logs%3F%20Can%20you%20try%20to%20change%20your%20settings%20to%3A%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3CDIV%20class%3D%22mceNonEditable%20lia-copypaste-placeholder%22%3E%26nbsp%3B%3C%2FDIV%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Sk%C3%A4rmavbild%202020-10-07%20kl.%2020.59.06.png%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F224901i9648B9AF33DFFCA6%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20role%3D%22button%22%20title%3D%22Sk%C3%A4rmavbild%202020-10-07%20kl.%2020.59.06.png%22%20alt%3D%22Sk%C3%A4rmavbild%202020-10-07%20kl.%2020.59.06.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Contributor

Hi Community

 

I am currently setting up Autopilot and want to enable BitLocker security at the point when the device is built or as a last resort could do post build.

 

Unfortunately I am unable to get my device to enable BitLocker for a start.

The device is co-managed and I have created a policy in Intune.

When the device is built from an Autopilot reset, it doesn't seem to be enforcing BitLocker.

 

I also get an error in Intune device profile settings targeted for the device.

-2016281112 (Remediation failed)

The error code is 0x87d1fde8.

 

I include a screenshot of the settings defined in Intune. Ideally I want to set 256 bit encryption with a start-up PIN and the PIN stored in Azure AD.

 

Any advice on what I am doing wrong would be greatly appreciated.

 

On a side note, Should I be attaching this policy through endpoint security now going forward? I hear the older methods will become deprecated in the future.

 

Many Thanks for members support. 

 

 

2 Replies
I have been using Silent Bitlocker which always works as expected, it could be something like BIOS needed to be up to date. Check this one out-

https://www.inthecloud247.com/windows-10-failed-to-enable-silent-encryption/
Highlighted

@isotonic_uk 

Can you take a look at the BitLocker event logs? Can you try to change your settings to: 

 

Skärmavbild 2020-10-07 kl. 20.59.06.png