Intune - Require Device Encryption - Error 65000 type 2

Question

Hi everyone,
I have a problem with bitlocker. I use Intune to push bitlocker on my computers. But i meet this error -> error 65000 type 2.

Here is my bitlocker policies trough Endpoint Security Terminal :

After looking for error message in the event viewer, i found this :
CSP BitLocker : GetDeviceEncryptionComplianceStatus indique OSV n’est pas conforme à l’état renvoyé 0x10000 -> (BitLocker CSP: GetDeviceEncryptionComplianceStatus indicates OSV does not conform to the status returned 0x10000)

The encryption is correctly deploy like we can see when i check with manage-bde -status command :

For more details, i use Bitdefender as anti-virus.

I'm a newbie with Intune and i'm a little bit lost... If you have an idee, let me know.
Thanks in advance !

Answer 1

@Jonathan @ ANDRIA IT, Thanks for posting in Q&A. I find that you had problems on the specific setting "Require Device Encryption" in BitLocker deployment. Based as I know, Error code 65000 is a general error.

Please ensure the hardware supports DHA

TPM 2.0 or later UEFI 2.3.1 or later Meanwhile, I know you get Event ID 2900 on the affected devices with error code 0x10000 which suggests certificate trust issues.

You can follow the "8. What could be causing it" in the following link to find out which TPM related Root CA certificate is missing.

https://call4cloud.nl/2023/04/are-you-there-intune-its-me-hac/

Note: Non-Microsoft link, just for the reference.

After that, find the related certificate in the following location, install it on the affected device to see if the issue can be fixed.

https://go.microsoft.com/fwlink/?linkid=2097925.

Hope the above information can help.

---

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.