Tech Community Live: Microsoft Intune
Mar 20 2024, 07:30 AM - 11:30 AM (PDT)
Microsoft Tech Community

Compliance mark computer OK for Bitlocker even if not enabled

Brass Contributor

Hi all,


I've been wondering for some time already whether it is a bug.. or I miss something ...


I have a compliance policy that includes checking for Bitlocker (Device Health -> Bitlocker:Required). However, I've found out that when a new computer is enrolled, the device is marked as compliant. When I check for particular compliance policy setting, Bitlocker is showing Compliant. And this is for computers that DO NOT have bitlocker enabled at all...




When I check devices via "Monitor->Encryption report", the status for devices without bitlocker seems to be ok there as it shows "Not encrypted"...


What is the purpose of Compliance "Bitlocker" check and does it work differently than "Monitor"?

Why is it showing compliant then?

3 Replies
Mmmm ... just wondering by how does your default compliance settings look like?

Mark devices without compliance policy as? maybe at that point in time, the device doesn't had the possibility to sync/report/checkin properly

Or any grace periods configured? should the device be marked not compliant immediately or?

I assume that after a reboot or a while the device would be mark not compliant?
thanks for mentioning "Compliance policy settings" .. I was not aware of that... I've changed "Mark devices with no compliance policy assigned as" ....from "Compliant" to "Not Compliant"...

I would say this was the issue... Will see if better when adding new computer next time :)

Btw, I have device compliance policy Action to mark devices as noncompliant immediately.
Yep... mentioning that one in an older blog
But yeah i would start with that one first :) ... reenroll a device again to see what changed