Stephane Lalancette
Brass Contributor
Nov 26, 2020

MEM Intune Endpoint Security Bitlocker troubleshooting

Hi, trying to figure out why I keep seeing the following when trying to encrypt my devices with Endpoint Security.

What does "Not applicable" mean? Are there any logs I can check, Event Viewer entries, or anything else to help get to the bottom of this?

 

Setting
Enable full disk encryption for OS and fixed data drives

State
Error code
Not applicable

Source profiles
Not available

Thanks in advance, and don't hesitate if you have any questions.

12 Replies

  • Stephane Lalancette 

    And no other backup/imaging tools installed on the device itself, or other weird settings defined in
    Computer Configuration > Windows Settings > Security Settings > Local Policies > User Rights

  • Moe_Kinani
    Bronze Contributor
    Hi Stephane,

    I would check the Event Viewer here for more info:

    logs\Microsoft\Windows\BitLocker-API.

    I recommend upgrading the BIOS version, enabling Secure Boot and updating to TPM 2.0.

    Here is a good guide to enabling silent encryption:

    https://www.inthecloud247.com/windows-10-failed-to-enable-silent-encryption/

    Hope this helps!
    Moe
    • Stephane Lalancette
      Brass Contributor

      Moe_Kinani 

      Yes, that's one of the main places I look for logs.

      Here's what we're getting so far.

      The error we are getting is:

      Failed to enable Silent Encryption

      Error: a required privilege is not held by the client

      And we also get:

      Bitlocker cannot use Secure Boot for integrity because the UEFI variable 'secureboot' could not be read
      Error: a required privilege is not held by the client

      On an HP 840 with TPM 1.2 (upgrade to 2.0 not supported), we also get the BitLocker 3rd party drive encryption, even if the MDM policy is set to block on the device.

      It seems like it's not honoring this setting for some reason.

      On that device, we get: Bitlocker cannot use secure boot for integrity because the expected tcg log entry for variable 'secureboot' is missing or invalid
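
The checks Moe points at (the BitLocker-API event log) and the symptoms Stephane reports (silent encryption failing, the 'secureboot' UEFI variable that cannot be read, a TPM 1.2 machine) can all be collected from one elevated PowerShell session on the affected device. The script below is an added example, not code from this thread, from Intune or from Microsoft. It uses only cmdlets built into Windows 10; the seven-day window and the message patterns it greps for are my assumptions. The User Rights check in step 4 rests on the fact that reading a UEFI firmware variable requires SeSystemEnvironmentPrivilege ("Modify firmware environment values"), which is one plausible reading of "a required privilege is not held by the client", not a confirmed root cause for this thread.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell session
# on the device that Intune reports as "Not applicable".

# 1. BitLocker-API events. In Event Viewer this is
#    Applications and Services Logs > Microsoft > Windows > BitLocker-API > Management.
#    The seven-day window is an assumption; widen it if the device is older.
$bitlockerEvents = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-BitLocker/BitLocker Management'
    Level     = 2, 3                      # 2 = Error, 3 = Warning
    StartTime = (Get-Date).AddDays(-7)
} -ErrorAction SilentlyContinue

"== BitLocker-API warnings/errors (first line of each message) =="
$bitlockerEvents |
    Select-Object TimeCreated, Id, LevelDisplayName,
        @{ n = 'Message'; e = { ($_.Message -split "`n")[0] } } |
    Format-Table -AutoSize

# The two messages quoted in the thread, in full, with their event IDs.
"== Silent encryption / Secure Boot messages =="
$bitlockerEvents |
    Where-Object { $_.Message -match 'Silent Encryption' -or $_.Message -match "'secureboot'" } |
    ForEach-Object { "{0}  [Event {1}]`n{2}`n" -f $_.TimeCreated, $_.Id, $_.Message }

# 2. Hardware prerequisites for encrypting without user interaction:
#    a ready TPM (2.0 for the full device-encryption path) and Secure Boot on.
$tpm         = Get-Tpm
$specVersion = (Get-CimInstance -Namespace root\cimv2\security\microsofttpm `
                                -ClassName Win32_Tpm).SpecVersion   # e.g. "2.0, 0, 1.38" or "1.2, ..."
try   { $secureBoot = Confirm-SecureBootUEFI }   # throws on legacy BIOS boot
catch { $secureBoot = "n/a ($($_.Exception.Message))" }

"== TPM / Secure Boot =="
[pscustomobject]@{
    TpmPresent     = $tpm.TpmPresent
    TpmReady       = $tpm.TpmReady
    TpmSpecVersion = $specVersion
    SecureBoot     = $secureBoot
} | Format-List

# 3. What the OS volume looks like right now: encrypted or not, protection on
#    or off, and which key protectors exist (TPM, RecoveryPassword, ...).
"== OS volume =="
Get-BitLockerVolume -MountPoint $env:SystemDrive |
    Select-Object MountPoint, VolumeStatus, ProtectionStatus, EncryptionMethod,
        @{ n = 'KeyProtectors'; e = { ($_.KeyProtector.KeyProtectorType) -join ', ' } } |
    Format-List

# 4. The User Rights assignment Stephane mentions. Reading UEFI variables needs
#    SeSystemEnvironmentPrivilege ("Modify firmware environment values"); by
#    default it is granted to Administrators (*S-1-5-32-544). If a GPO or baseline
#    has rewritten this line, that is worth comparing against a working device.
$cfg = Join-Path $env:TEMP 'secpol-export.inf'
secedit /export /cfg $cfg | Out-Null
"== SeSystemEnvironmentPrivilege assignment =="
Select-String -Path $cfg -Pattern '^SeSystemEnvironmentPrivilege' | ForEach-Object { $_.Line }
Remove-Item $cfg -ErrorAction SilentlyContinue
```

Run it on both the failing laptop and a known-good one and diff the four sections; a TPM `SpecVersion` starting with "1.2", `SecureBoot` reading `False` or "n/a", or a `SeSystemEnvironmentPrivilege` line that no longer lists Administrators each narrows the search considerably.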

      • Stephane Lalancette
        Brass Contributor
        I've requested a newer laptop with TPM 2.0 to see if it'll change anything.
    • Stephane Lalancette
      Brass Contributor

      @ErinMcD I still haven't found a solution. Still investigating and working with FastTrack; I will probably create a support call soon.