Non-compliance codes
Applies to: Configuration Manager (current branch)
WMI on the client provides the following non-compliance codes. It also describes the reasons why a particular device reports as non-compliant.
There are various methods to view WMI. For example, use the following PowerShell command:
(Get-WmiObject -Class mbam_Volume -Namespace root\microsoft\mbam).ReasonsForNoncompliance
Tip
If the device is compliant, this command doesn't return anything.
You can also check the Compliant attribute of this class, which is 1 if the device is compliant.
| Non-compliance code | Reason for non-compliance |
|---|---|
| 0 | Cipher strength not AES 256. |
| 1 | BitLocker policy requires this volume to be encrypted, but it isn't. |
| 2 | BitLocker policy requires this volume to not be encrypted, but it is. |
| 3 | BitLocker policy requires this volume use a TPM protector, but it doesn't. |
| 4 | BitLocker policy requires this volume use a TPM+PIN protector, but it doesn't. |
| 5 | BitLocker policy doesn't allow non-TPM machines to report as compliant. |
| 6 | Volume has a TPM protector, but the TPM isn't visible. |
| 7 | BitLocker policy requires this volume use a password protector, but it doesn't have one. |
| 8 | BitLocker policy requires this volume not use a password protector, but it has one. |
| 9 | BitLocker policy requires this volume use an auto-unlock protector, but it doesn't have one. |
| 10 | BitLocker policy requires this volume not use an auto-unlock protector, but it has one. |
| 11 | BitLocker detects a policy conflict, which prevents it from reporting this volume as compliant. |
| 12 | A system volume is needed to encrypt the OS volume, but it isn't present. |
| 13 | Protection is suspended for the volume. |
| 14 | Auto-unlock protector is unsafe unless the OS volume is encrypted. |
| 15 | Policy requires minimum cypher strength is XTS-AES-128 bit, actual cypher strength is weaker. |
| 16 | Policy requires minimum cypher strength is XTS-AES-256 bit, actual cypher strength is weaker. |