cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Compliance mark computer OK for Bitlocker even if not enabled

sumo83
Brass Contributor

‎Nov 28 2023 05:19 AM - edited ‎Nov 28 2023 05:29 AM

‎Nov 28 2023 05:19 AM - edited ‎Nov 28 2023 05:29 AM

Compliance mark computer OK for Bitlocker even if not enabled

Hi all,

 

I've been wondering for some time already whether it is a bug.. or I miss something ...

 

I have a compliance policy that includes checking for Bitlocker (Device Health -> Bitlocker:Required). However, I've found out that when a new computer is enrolled, the device is marked as compliant. When I check for particular compliance policy setting, Bitlocker is showing Compliant. And this is for computers that DO NOT have bitlocker enabled at all...

 

 

UPDATE:

When I check devices via "Monitor->Encryption report", the status for devices without bitlocker seems to be ok there as it shows "Not encrypted"...

 

What is the purpose of Compliance "Bitlocker" check and does it work differently than "Monitor"?

Why is it showing compliant then?

Labels:
308 Views
0 Likes
3 Replies
Reply
3 Replies
Rudy_Ooms_MVP

‎Nov 28 2023 11:24 AM

‎Nov 28 2023 11:24 AM

Re: Compliance mark computer OK for Bitlocker even if not enabled

Mmmm ... just wondering by how does your default compliance settings look like?
https://learn.microsoft.com/en-us/mem/intune/protect/device-compliance-get-started#compliance-policy...

Mark devices without compliance policy as? maybe at that point in time, the device doesn't had the possibility to sync/report/checkin properly

Or any grace periods configured? should the device be marked not compliant immediately or?

I assume that after a reboot or a while the device would be mark not compliant?
0 Likes
Reply
sumo83

‎Nov 28 2023 12:23 PM

‎Nov 28 2023 12:23 PM

Re: Compliance mark computer OK for Bitlocker even if not enabled

thanks for mentioning "Compliance policy settings" .. I was not aware of that... I've changed "Mark devices with no compliance policy assigned as" ....from "Compliant" to "Not Compliant"...

I would say this was the issue... Will see if better when adding new computer next time :)

Btw, I have device compliance policy Action to mark devices as noncompliant immediately.
0 Likes
Reply
Rudy_Ooms_MVP

‎Nov 28 2023 12:41 PM

‎Nov 28 2023 12:41 PM

Re: Compliance mark computer OK for Bitlocker even if not enabled

Yep... mentioning that one in an older blog
https://call4cloud.nl/2021/06/blood-sweat-and-built-in-compliance-policies/#part1
But yeah i would start with that one first :) ... reenroll a device again to see what changed
0 Likes
Reply