Microsoft Intune - Bitlocker encryption Co-managed devices (fixed data drive)

Eduards 791 Reputation points
2021-02-23T13:54:12.287+00:00

Hello,

We have enabled Co-management and all devices are hybrid Azure AD joined. I configured Windows 10 Device configuration (Endpoint Protection Profile).

I encrypted the OS drive without any problems. After that I configured a policy to encrypt the fixed data drive, and then I received the following error in Event Viewer (BitLocker-API):

851 Silently Encryption failed, Access Denied

This is my configuration. What could be the cause? Second partition is formatted and enabled. No additional CD/DVD drive or something like that.


Accepted answer
  1. Crystal-MSFT 51,046 Reputation points Microsoft Vendor
    2021-02-24T01:14:58.56+00:00

    @Eduards, from your description, I know we get a silent encryption failure when configuring BitLocker for the fixed data drive in a Windows 10 Device configuration policy. If there's any misunderstanding, feel free to let us know.

    I know the devices are all Hybrid Azure AD joined. In fact, silently enabling BitLocker on devices is only supported on Azure AD joined devices. As our devices are all Hybrid Azure AD joined, this may cause our issue.
    https://learn.microsoft.com/en-us/mem/intune/protect/encrypt-devices#manage-bitlocker

    Turn off BitLocker, change "Allow standard users to enable encryption during Azure AD Join" to Not configured, and then assign the policy again. Then the disks are encrypted correctly.


    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
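
A diagnostic script for the situation discussed in this thread, added here as an example and not posted by either participant: it reports the device's join type, looks for event 851 in the BitLocker-API Management log, and lists the encryption state of each volume before and after the policy is reassigned. It assumes an elevated PowerShell session on the affected Windows 10 device and that the log's channel name is `Microsoft-Windows-BitLocker/BitLocker Management`.

```powershell
#Requires -RunAsAdministrator
# Added diagnostic example; run in an elevated PowerShell session on the affected device.

# 1. Join state: parse the "Key : Value" lines printed by dsregcmd /status.
$join = @{}
dsregcmd /status | ForEach-Object {
    if ($_ -match '^\s*(AzureAdJoined|DomainJoined)\s*:\s*(\S+)') {
        $join[$Matches[1]] = $Matches[2]
    }
}
$joinType = if ($join.AzureAdJoined -eq 'YES' -and $join.DomainJoined -eq 'YES') {
    'Hybrid Azure AD joined'
} elseif ($join.AzureAdJoined -eq 'YES') {
    'Azure AD joined'
} else {
    'Not Azure AD joined'
}
"Join type: $joinType"

# 2. Most recent silent-encryption failures (event 851) in the BitLocker-API Management log.
#    Channel name is an assumption stated in the lead-in.
$failures = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-BitLocker/BitLocker Management'
    Id      = 851
} -MaxEvents 5 -ErrorAction SilentlyContinue

if ($failures) {
    $failures | Select-Object TimeCreated, Id, Message | Format-List
} else {
    'No event 851 found in the BitLocker Management log.'
}

# 3. Encryption state of every volume, including the fixed data drive (VolumeType = Data).
Get-BitLockerVolume |
    Select-Object MountPoint, VolumeType, VolumeStatus, ProtectionStatus,
        EncryptionPercentage,
        @{ Name = 'Protectors'; Expression = { $_.KeyProtector.KeyProtectorType -join ', ' } } |
    Format-Table -AutoSize
```

After the policy change described above has been applied and synced, the data volume should move to `FullyEncrypted` with `ProtectionStatus` `On`, and no new event 851 entries should appear.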


2 additional answers

  1. Eduards 791 Reputation points
    2021-02-24T06:36:17.087+00:00

    Hello @Crystal-MSFT

    Thank you for your answer.

    But there should be a way to encrypt fixed data drive using Microsoft Intune on Hybrid Azure AD joined devices?


  2. Eduards 791 Reputation points
    2021-03-01T11:30:52.663+00:00

    Hello @Crystal-MSFT - I turned off BitLocker on a test laptop and then changed the policy settings and deployed again.

    And after that all 2 disks were encrypted.

