Device Configuration Policy showing false information

I noticed that every client successfully applied our device policy and shows "Encrypt devices" as "Succeeded", but when I took a closer look at some clients, I found that many of them are not encrypted at all. Those clients also don't have a decrypt key in Azure. If I trigger BitLocker manually on those clients, the key is sent to Azure as configured. Anyone with similar issues?

1 Reply
Hi Josch,

Can you please check the event log and tell us what error you see? It should be under Microsoft/Windows/BitLocker/API-Management.

I suspect the issue is either outdated BIOS, TPM firmware, or Secure Boot not being on. I highly recommend checking those three settings to start.
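
The checks discussed in this thread, collected into one script as an added example (not posted by either participant). It compares the actual state of the OS volume with what the policy reports, then reads the BitLocker event log. It assumes an elevated PowerShell session on the affected client, and that the event channel `Microsoft-Windows-BitLocker/BitLocker Management` is the one behind the Event Viewer path mentioned in the reply.

```powershell
# Added example: run elevated on a client that reports "Succeeded" but looks unencrypted.
$os   = Get-BitLockerVolume -MountPoint $env:SystemDrive
$tpm  = Get-Tpm
$bios = Get-CimInstance -ClassName Win32_BIOS

# Confirm-SecureBootUEFI throws on legacy BIOS systems, so treat that as "not available".
try   { $secureBoot = Confirm-SecureBootUEFI }
catch { $secureBoot = 'Not available (legacy BIOS or unsupported platform)' }

# A recovery password protector must exist before a key can be escrowed to the directory.
$recovery = $os.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'

[pscustomobject]@{
    Computer            = $env:COMPUTERNAME
    VolumeStatus        = $os.VolumeStatus          # FullyDecrypted, FullyEncrypted, ...
    ProtectionStatus    = $os.ProtectionStatus      # On / Off
    EncryptionPercent   = $os.EncryptionPercentage
    KeyProtectors       = ($os.KeyProtector.KeyProtectorType -join ', ')
    HasRecoveryPassword = [bool]$recovery
    TpmPresent          = $tpm.TpmPresent
    TpmReady            = $tpm.TpmReady
    TpmFirmwareVersion  = $tpm.ManufacturerVersion
    SecureBoot          = $secureBoot
    BiosVersion         = $bios.SMBIOSBIOSVersion
    BiosReleaseDate     = $bios.ReleaseDate
} | Format-List

# Flag the mismatch described in the question: policy says success, volume says otherwise.
if ($os.VolumeStatus -ne 'FullyEncrypted' -or $os.ProtectionStatus -ne 'On') {
    Write-Warning "OS volume is $($os.VolumeStatus) with protection $($os.ProtectionStatus)."
}

# Most recent errors (level 2) and warnings (level 3) from the BitLocker management channel.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-BitLocker/BitLocker Management'
    Level   = 2, 3
} -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, LevelDisplayName, Message |
    Format-List
```

Running this on one encrypted and one unencrypted client and comparing the two outputs side by side narrows down which prerequisite differs between them.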