Intune - Enable BitLocker TPM-device not activated

Chned 46 Reputation points
2020-09-29T13:05:31.127+00:00

In Intune I created under Endpoint security, Disk encryption a Policy for enabling BitLocker:

[screenshot: 29095-block1.png]

But the ProBook 440 G7 with TPM doesn't get BitLocker enabled. I do see in the sync info that the BitLocker policy was received, though.

[screenshot: 29184-block.png]

[screenshot: 29126-ziee.png]

Intune states:

[screenshot: 29165-status.png]

Why isn't this working?


3 answers

  1. CiciWu-MSFT 1,206 Reputation points
    2020-09-30T02:35:15.693+00:00

    Please first check that the account has the applicable Intune role-based access control (RBAC) permissions.

    Also, it's possible that the underlying device hardware doesn't meet the requirements for BitLocker encryption. You can find the system requirements for BitLocker in the Windows documentation, but the main things to check are that the device has a compatible TPM chip (1.2 or later) and a Trusted Computing Group (TCG)-compliant BIOS or UEFI firmware.

    Reference: https://learn.microsoft.com/en-us/mem/intune/protect/troubleshoot-bitlocker-policies#troubleshooting-bitlocker-policy


    If an Answer is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  2. Chned 46 Reputation points
    2020-10-01T15:08:32.237+00:00

    What account and role are you aiming for?

    The hardware does have TPM, that's why I posted the screenshot which shows that it is TPM 2.0


  3. Jörgen Nilsson 186 Reputation points
    2020-10-02T13:28:33.773+00:00

    Hi,
    Have you configured the other two settings that are mentioned here? They are required for silently activating BitLocker.

    • Warning for other disk encryption = Block.
    • Allow standard users to enable encryption during Azure AD Join = Allow

    https://learn.microsoft.com/en-us/mem/intune/protect/encrypt-devices#silently-enable-bitlocker-on-devices

    That should do it
    Regards,
    Jörgen

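The two answers above point at different places: the hardware (TPM present and ready) and the policy actually received by the device (the two silent-enablement settings). The script below is an added example for checking both on the affected Windows 10 device; it is not from the thread or from Microsoft. It assumes that PolicyManager stores the device-scope BitLocker CSP values under `HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\BitLocker`, using the BitLocker CSP node names (`RequireDeviceEncryption`, `AllowWarningForOtherDiskEncryption`, `AllowStandardUserEncryption`), and that "Warning for other disk encryption = Block" maps to `AllowWarningForOtherDiskEncryption = 0` and "Allow standard users to enable encryption = Allow" maps to `AllowStandardUserEncryption = 1`. Run it in an elevated PowerShell session.

```powershell
#Requires -RunAsAdministrator
# Added troubleshooting script (not from the thread or from Microsoft). Checks:
#   1. TPM present / ready (answer 1)
#   2. BitLocker CSP values received from Intune, incl. the two silent-enablement settings (answer 3)
#   3. Current BitLocker state of the OS drive and recent BitLocker management warnings/errors
# Assumption: PolicyManager writes device-scope BitLocker CSP values under this key.
$policyKey = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\BitLocker'

function Test-TpmReady {
    # Get-Tpm needs elevation; TpmReady is the value that matters for silent enablement.
    $tpm = Get-Tpm
    [pscustomobject]@{
        Present   = $tpm.TpmPresent
        Ready     = $tpm.TpmReady
        Enabled   = $tpm.TpmEnabled
        Activated = $tpm.TpmActivated
        Owned     = $tpm.TpmOwned
    }
}

function Get-BitLockerCspPolicy {
    if (-not (Test-Path $policyKey)) {
        Write-Warning "No BitLocker CSP values under $policyKey - the policy has not reached the device scope."
        return $null
    }
    $p = Get-ItemProperty -Path $policyKey
    # Property names are the BitLocker CSP node names (assumed mapping from the Intune settings).
    [pscustomobject]@{
        RequireDeviceEncryption            = $p.RequireDeviceEncryption            # expect 1
        AllowWarningForOtherDiskEncryption = $p.AllowWarningForOtherDiskEncryption # expect 0 (Block)
        AllowStandardUserEncryption        = $p.AllowStandardUserEncryption        # expect 1 (Allow)
        EncryptionMethodByDriveType        = $p.EncryptionMethodByDriveType
    }
}

function Test-SilentEnablementPrereqs {
    param($Tpm, $Policy)
    $problems = @()
    if (-not $Tpm.Present) { $problems += 'TPM not present' }
    if (-not $Tpm.Ready)   { $problems += 'TPM present but not ready (check BIOS/UEFI settings, then Initialize-Tpm)' }
    if ($null -eq $Policy) {
        $problems += 'BitLocker CSP policy not applied to the device'
    } else {
        if ($Policy.RequireDeviceEncryption -ne 1)            { $problems += 'RequireDeviceEncryption is not 1' }
        if ($Policy.AllowWarningForOtherDiskEncryption -ne 0) { $problems += 'Warning for other disk encryption is not Block (value 0)' }
        if ($Policy.AllowStandardUserEncryption -ne 1)        { $problems += 'Allow standard users to enable encryption is not Allow (value 1)' }
    }
    return $problems
}

$tpm    = Test-TpmReady
$policy = Get-BitLockerCspPolicy

'--- TPM ---';        $tpm    | Format-List
'--- CSP policy ---'; $policy | Format-List
'--- OS drive ---'
Get-BitLockerVolume -MountPoint $env:SystemDrive |
    Select-Object MountPoint, VolumeStatus, ProtectionStatus, EncryptionMethod, EncryptionPercentage |
    Format-List
'--- Recent BitLocker management warnings/errors ---'
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-BitLocker/BitLocker Management'; Level = 2, 3 } `
    -MaxEvents 10 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message | Format-List

$issues = Test-SilentEnablementPrereqs -Tpm $tpm -Policy $policy
if ($issues) {
    'Blocking issues:'
    $issues | ForEach-Object { " - $_" }
} else {
    'All checked prerequisites for silent BitLocker enablement are met.'
}
```

If the policy key is missing even though the sync shows the profile as received, force a sync and re-run; if the key is present but `AllowWarningForOtherDiskEncryption` or `AllowStandardUserEncryption` is absent, the Intune profile is missing the two settings Jörgen lists. The event log query surfaces the reason BitLocker gives when it declines to enable silently (for example a TPM that is present but not ready), which is more informative than the "Error" status Intune shows.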