Intune Driver Patching trips BitLocker Key Prompt

jgcovalt 31 Reputation points

We've moved update patching into Intune for our workstations, and are in the process of testing driver update enablement in Intune as well via the update rings 'Windows drivers' setting. However, when pushing driver updates, Intune also installs firmware and BIOS updates, which causes an issue because it then prompts users for BitLocker keys due to the change.

It looks like this should be suspending BitLocker for the enablement, but that's not happening. I'm not seeing a setting for this either.

Does anyone know if there's a way to force suspend BitLocker for Intune-pushed Windows updates, and re-enable post-updates, or perhaps if the opposite is true (that there's some way to disable this suspend, and maybe we've done it inadvertently so I can turn that off)?

Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
Windows Autopatch
A cloud service that automates Windows, Microsoft 365 Apps for enterprise, Microsoft Edge, and Microsoft Teams updates to improve security and productivity across your organization.

1 answer

  1. Simon Ren-MSFT 17,831 Reputation points Microsoft Vendor


    Thank you for posting in Microsoft Q&A forum.

    Yes, suspending BitLocker protection on a system drive prevents certain problems and allows successful firmware and hardware updates. If BitLocker protection isn't suspended, the system won't recognize the BitLocker key and you'll be prompted to enter the recovery key to proceed next time the system restarts.

    You can suspend BitLocker protection and resume it by using PowerShell and deploy the PowerShell command via Intune. Please refer to:

    Suspend BitLocker protection for non-Microsoft software updates

    Use PowerShell scripts on Windows 10/11 devices in Intune

    Suspend-BitLocker -MountPoint "C:" -RebootCount 0

    Resume-BitLocker -MountPoint "C:"

    Thanks for your understanding. Have a nice day!

    Best regards,


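One way to wrap the two commands from the answer above for scripted deployment, added here as an example and not part of the original answer or of Microsoft's documentation. It uses a bounded `-RebootCount` (1 to 15) instead of 0, so protection resumes on its own after the update restarts rather than staying suspended until `Resume-BitLocker` runs; the `$Action` parameter and the one-restart default are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original answer): bounded BitLocker suspension
# around a firmware/BIOS update on the OS volume.
param(
    [ValidateSet('Suspend', 'Resume', 'Audit')]
    [string]$Action = 'Audit',      # hypothetical switch; defaults to read-only audit
    [ValidateRange(1, 15)]
    [int]$RebootCount = 1           # assumption: one restart completes the update
)

$mount = $env:SystemDrive
$vol   = Get-BitLockerVolume -MountPoint $mount -ErrorAction Stop

# An unencrypted volume has nothing to suspend, resume or audit.
if ($vol.VolumeStatus -eq 'FullyDecrypted') {
    Write-Output "$mount is not BitLocker-encrypted; nothing to do."
    exit 0
}

switch ($Action) {
    'Suspend' {
        if ($vol.ProtectionStatus -ne 'On') {
            Write-Output "$mount protection is already $($vol.ProtectionStatus); no change made."
            break
        }
        # Bounded count: protection returns by itself after $RebootCount restarts,
        # unlike -RebootCount 0, which stays suspended until Resume-BitLocker runs.
        Suspend-BitLocker -MountPoint $mount -RebootCount $RebootCount -ErrorAction Stop | Out-Null
        Write-Output "$mount suspended for the next $RebootCount restart(s)."
    }
    'Resume' {
        Resume-BitLocker -MountPoint $mount -ErrorAction Stop | Out-Null
        $after = Get-BitLockerVolume -MountPoint $mount
        if ($after.ProtectionStatus -ne 'On') {
            Write-Error "$mount is still unprotected after Resume-BitLocker."
            exit 1
        }
        Write-Output "$mount protection is On."
    }
    'Audit' {
        # Non-zero exit flags an encrypted volume left with protection off.
        if ($vol.ProtectionStatus -ne 'On') {
            Write-Output "$mount is encrypted but protection is $($vol.ProtectionStatus)."
            exit 1
        }
        Write-Output "$mount protection is On."
    }
}
```

Run with the default `Audit` action, the script changes nothing and returns a non-zero exit code for any encrypted system volume whose protection is off, which makes devices left suspended after an update visible.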