Intune Driver Patching trips BitLocker Key Prompt

jgcovalt 36 Reputation points
2023-05-23T13:08:55.1033333+00:00

We've moved update patching into Intune for our workstations, and are in the process of testing driver update enablement in Intune as well via the update rings 'Windows drivers' setting. However, when pushing driver updates, Intune also installs firmware and BIOS updates, which causes an issue because it then prompts users for BitLocker keys due to the change.

It looks like this should be suspending BitLocker for the enablement, but that's not happening. I'm not seeing a setting for this either.

Does anyone know if there's a way to force suspend BitLocker for Intune-pushed Windows updates, and re-enable post-updates, or perhaps if the opposite is true (that there's some way to disable this suspend, and maybe we've done it inadvertently so I can turn that off)?


1 answer

  1. Simon Ren-MSFT 30,031 Reputation points Microsoft Vendor
    2023-05-24T08:16:26.5733333+00:00

    Hi,

    Thank you for posting in Microsoft Q&A forum.

    Yes, suspending BitLocker protection on a system drive prevents certain problems and allows successful firmware and hardware updates. If BitLocker protection isn't suspended, the system won't recognize the BitLocker key and you'll be prompted to enter the recovery key to proceed next time the system restarts.

    You can suspend BitLocker protection and resume it by using PowerShell and deploy the PowerShell command via Intune. Please refer to:

    Suspend BitLocker protection for non-Microsoft software updates

    Use PowerShell scripts on Windows 10/11 devices in Intune

    Suspend-BitLocker -MountPoint "C:" -RebootCount 0

    Resume-BitLocker -MountPoint "C:"

    Thanks for your understanding. Have a nice day!

    Best regards,

    Simon


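The suspend and resume steps above, written out as an added example that is not code from this thread or from Microsoft's documentation. It is a script in the shape Intune's PowerShell script feature expects (no parameters, result signalled by exit code) and assumes it runs as SYSTEM on a device where the BitLocker module is available. The log path is a placeholder I chose, and the default of one reboot rather than the answer's RebootCount 0 is my design choice: a bounded count makes protection resume on its own after the firmware update's restart, so the OS volume does not sit unprotected if the resume script is never assigned or never runs.

```powershell
# Added example for the thread above; not the original poster's or Microsoft's code.
# Assumes the Intune script context (runs as SYSTEM) and the BitLocker module.
# $LogPath is a constructed placeholder.

$LogPath = Join-Path $env:ProgramData 'BitLockerMaintenance.log'   # assumed path

function Write-Log {
    # Append only; nothing goes to the pipeline so the functions below return clean exit codes
    param([string]$Message)
    $line = '{0} {1}' -f (Get-Date -Format 'yyyy-MM-dd HH:mm:ss'), $Message
    Add-Content -Path $LogPath -Value $line
}

function Get-OsBitLockerVolume {
    # Identify the OS drive by VolumeType instead of assuming it is C:
    Get-BitLockerVolume | Where-Object { $_.VolumeType -eq 'OperatingSystem' }
}

function Suspend-OsBitLocker {
    # RebootCount 1..15 resumes protection automatically after that many restarts.
    # RebootCount 0 leaves protection off until Resume-BitLocker is run explicitly.
    param([ValidateRange(0, 15)][int]$RebootCount = 1)

    $vol = Get-OsBitLockerVolume
    if (-not $vol) { Write-Log 'No BitLocker OS volume found'; return 1 }
    if ($vol.VolumeStatus -eq 'FullyDecrypted') {
        Write-Log "$($vol.MountPoint) is not encrypted; nothing to suspend"; return 0
    }
    if ($vol.ProtectionStatus -eq 'Off') {
        Write-Log "$($vol.MountPoint) protection is already suspended"; return 0
    }

    Suspend-BitLocker -MountPoint $vol.MountPoint -RebootCount $RebootCount | Out-Null

    # Verify rather than trust the call: ProtectionStatus must now read Off
    $after = Get-OsBitLockerVolume
    if ($after.ProtectionStatus -eq 'Off') {
        Write-Log "Suspended protection on $($vol.MountPoint) for $RebootCount reboot(s)"
        return 0
    }
    Write-Log "Suspend requested but ProtectionStatus is still $($after.ProtectionStatus)"
    return 1
}

function Resume-OsBitLocker {
    # Companion step for the post-update script: fails (exit 1) if the volume is
    # encrypted but protection could not be turned back on.
    $vol = Get-OsBitLockerVolume
    if (-not $vol -or $vol.VolumeStatus -eq 'FullyDecrypted') {
        Write-Log 'No encrypted OS volume to resume'; return 0
    }
    if ($vol.ProtectionStatus -eq 'On') {
        Write-Log "$($vol.MountPoint) protection is already on"; return 0
    }

    Resume-BitLocker -MountPoint $vol.MountPoint | Out-Null

    $after = Get-OsBitLockerVolume
    if ($after.ProtectionStatus -eq 'On') {
        Write-Log "Resumed protection on $($vol.MountPoint)"; return 0
    }
    Write-Log "Resume requested but ProtectionStatus is $($after.ProtectionStatus)"
    return 1
}

# Intune reports a script run as failed when it exits non-zero, so surface the result.
# In the post-update script, replace this line with: exit (Resume-OsBitLocker)
exit (Suspend-OsBitLocker -RebootCount 1)
```

Assign the suspend script to the same device group as the update ring that enables driver updates, and the resume variant (or a compliance check on the same logic) afterwards. On a test device you can confirm the state either script leaves behind with `Get-BitLockerVolume -MountPoint C: | Select-Object VolumeStatus, ProtectionStatus`: a suspended volume shows `FullyEncrypted` with `ProtectionStatus` `Off`, which is exactly the condition the resume step exists to clear.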