Bitlocker enable - intune - how to confirm its enabled

Aran Billen 866 Reputation points
2024-11-27T12:42:24.66+00:00

Hi all,

I have set bitlocker on a test machine. The policy has applied and I have restarted the machine.

The polices I set are here:

Screenshot 2024-11-27 at 12.34.13

Screenshot 2024-11-27 at 12.34.33

The test machine is azure AD joined too.

On the machine itself I have checked the C drive and it says enable bitlocker;

Screenshot 2024-11-27 at 12.32.36

Should this not be enabled?

I also checked logs in intune under monitor:

Screenshot 2024-11-27 at 12.33.09

Please help!

Microsoft Intune Security
Microsoft Intune Security
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
440 questions
Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
5,285 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. ZhoumingDuan-MSFT 14,150 Reputation points Microsoft Vendor
    2024-11-28T02:07:48.6466667+00:00

    @Aran Billen, Thanks for posting in Q&A.

    From your description, I know you want to enable BitLocker on your device but failed for some reasons.

    To clarify this issue, please confirm and check something below.

    1.Could you please confirm us do you want to silently enable BitLocker on your device or you just want to enable BitLocker on your device, because if you just enable BitLocker , you should manually enable it on targeted device if the policy deployed, if you want to silently enable it, there is some settings missing in your policy that may failed to encrypt the device, here is a link you can refer to re-configure the policy.

    https://c7solutions.com/2023/11/enabling-bitlocker-in-silent-mode-using-the-settings-catalog

    Non-official, just for reference.

    2.Please check whether your device meet the requirement below.

    https://learn.microsoft.com/en-us/windows/security/operating-system-security/data-protection/bitlocker/#system-requirements

    Meanwhile, I notice the encryption readiness status of the device is "Ready" but the encryption status is "Not encrypted", it is possible that encryption isn't finished yet. Please run "manage-bde -status" command to confirm if it is encrypted on the device.

    3.If you re-configure the policy and deploy it successfully, but the device still cannot encrypt, please check Event Viewer and Registry to see if the policy has been applied and if there exist some related information.

    https://learn.microsoft.com/en-us/troubleshoot/mem/intune/device-protection/troubleshoot-bitlocker-policies

    Please check above information, if there is any update, feel free to let me know.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.