Hello,
I'm trying to set up silent bitlocker deployment via Intune->Endpoint Security -> Disk Encryption. I have assigned a testing machine to it but it doesn't seems to enable bitlocker at all on the machine. I am attaching the configuration. We are in hybrid scenario and the computer is hybrid joined...
Now...
- I can see the policy SUCCEEDED in intune... also "Per setting status" report shows all successful
- the laptop has only one drive - OS drive - and it is not encrypted
- in Event Viewer, I see "Bitlocker CSP: OS Drive not protected"
- before, I saw also "encryption type not supported" when I had "Full encryption" enabled. After changing it to "Used data only" this warning does not appear anymore
I have forced sync from the laptop.. also restarted few times already... but the drive still does not have bitlocker turned on. Btw, it is a fresh new laptop
Any advise? Am I missing anything here?
UPDATE:
I see one more warning in Event Viewer that is related to Bitlocker: "BitLocker CSP: GetDeviceEncryptionComplianceStatus indicates OSV is not compliant with returned status 0x106"
Regards,
Michal
@TomWechsler not a stupid question at all.... Always better to double check it :) ... It is a brand new Lenovo X1 with up to date Windows 11... Intune Monitor shows below so it is TPM 2.0 as well...The laptop is also Hybrid Joined.... Not sure about BIOS UEFI though... haven't checked it..
