i'm trying to test/push bitlocker on autopilot hybrid join only devices somehow can't overcome from this error any suggestions?
Error Details on endpoint console:
Setting Details
SETTING
Require Device Encryption
STATE
Error
ERROR TYPE
2
ERROR CODE
65000
SOURCE PROFILES
Unluckily there is no errors on the machine event log.
Windows Components > BitLocker Drive Encryption
Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)
Enabled
Select the encryption method for removable data drives:
AES-CBC 128-bit (default)
Select the encryption method for fixed data drives:
XTS-AES 128-bit (default)
Select the encryption method for operating system drives:
XTS-AES 128-bit (default)
Windows Components > BitLocker Drive Encryption > Operating System Drives
Enforce drive encryption type on operating system drives
Enabled
Select the encryption type: (Device)
Full encryption
Require additional authentication at startup
Enabled
Configure TPM startup key and PIN:
Allow startup key and PIN with TPM
Configure TPM startup:
Allow TPM
Allow BitLocker without a compatible TPM (requires a password or a startup key on a USB flash drive)
False
Configure TPM startup PIN:
Allow startup PIN with TPM
Configure TPM startup key:
Allow startup key with TPM
Configure minimum PIN length for startup
Enabled
Minimum characters:
6
Windows Components > BitLocker Drive Encryption > Fixed Data Drives
Enforce drive encryption type on fixed data drives
Enabled
Select the encryption type: (Device)
Full encryption
Choose how BitLocker-protected fixed drives can be recovered
Enabled
Do not enable BitLocker until recovery information is stored to AD DS for fixed data drives
True
Allow data recovery agent
True
Configure storage of BitLocker recovery information to AD DS:
Backup recovery passwords and key packages
Allow 256-bit recovery key
Configure user storage of BitLocker recovery information:
Allow 48-digit recovery password
Save BitLocker recovery information to AD DS for fixed data drives
True
Omit recovery options from the BitLocker setup wizard
Windows Components > BitLocker Drive Encryption > Removable Data Drives
Control use of BitLocker on removable drives
Enabled
Allow users to apply BitLocker protection on removable data drives (Device)
True
Enforce drive encryption type on removable data drives
Enabled
Select the encryption type: (Device)
Allow user to choose (default)
Allow users to suspend and decrypt BitLocker protection on removable data drives (Device)
False
Deny write access to removable drives not protected by BitLocker
Enabled
Do not allow write access to devices configured in another organization
True