InTune compliance error on sync

Question

We have setup Intune with autoenrollment and automatic encryption. Both of these portions appear to be working correctly, but nearly a third of the devices that are enrolled and encrypted give a compliance error in MEM.

---
State: Error
State Details: -2016345708 (Syncml(404): The requested target was not found).
Setting: Require BitLocker
State: Error
Source Profile: Default Win 10
Error Code: 0x87d10194
Error Details: Syncml(404): The requested target was not found
---

I am on a recent version of Win 10 (21H2).
I have confirmed TPM 2.0, PCR 7, and SecureBoot
Devices that are compliance share the same OS, updates, drivers, and computer models with others that are not compliant
The policy only contains a single setting: Require BitLocker
The devices have been rebooted multiple times, as well as suspending and reenabling bitlocker.

Can anyone help figure out why this shows as syncml error?

Answer 1

I have the same issue.
2016345708(Syncml(404): The requested target was not found. It is pretty frustrating to see this happening with Microsoft Intune. I have over 300 endpoints on Intune, and about 40 have this sync issue. Not just Bitlocker but other settings like password complexity, Antivirus and Firewall. I wish Microsoft would be looking into these problems and providing lasting solutions. It is causing a lot of problems during auditing. I have the same problem with Bitlocker, but when I check the PC, BitLocker works well with no issues. Same for Antivirus. It is installed and updated, but I still have an error on the MDM. I need urgent help on this matter. I have removed some of the PCs from MDM and rejoined again, but the same problem persists.

Answer 2

@Mark R , From your description, I know one device shows compliance error with Require BitLocker. And you have done some checking that the secure boot state is on and the pcr7 configuration is set to bound, Restart multiple times. But it is still not working. If there's any misunderstanding, feel free to let us know.

In General, 'Require BitLocker' uses Windows Device Health Attestation service to check its settings; according to this page under 'Hardware Requirements' a requirement of this service is 'UEFI 2.3.1 or later firmware with Secure Boot enabled. Please check if the device meets this requirement:
https://learn.microsoft.com/en-us/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices#hardware-req

Meanwhile, Could you check if the Bitlocker encryption is completed on the device? Please run the following commands to check:
Manage-bde -status
Manage-bde -protectors -get C:

In addition, I notice we have configured auto encryption, could you get a screen shot of the profile settings to let us know it better.

Please check the above information. If there's any update, feel free to let us know.

---

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 3

i have also same issues -2016345708(Syncml(404),i have checked bitlocker with run this cmd Manage-bde -status Manage-bde -protectors -get C: 100% completed then why getting this issues,kindly help to resolve issues