Bitlocker hybrid unknown error

Andreas 1,331 Reputation points
2021-03-09T12:35:46.043+00:00

Hi,

Trying to apply BitLocker from Intune to our Hybrid Azure machines.

Machine info:
Windows 10.0.19042.804
Secure Boot State On
TPM 2.0
OS Name Microsoft Windows 10 Business
BIOS Mode UEFI
PCR7 Configuration Binding Possible

If I go to Monitor > Encryption report, it says that the device Encryption readiness = Ready.

I checked one of the machines that has been successful and has BitLocker enabled. I can see from the logs that the machine has PCR7 Configuration Bound, and as you can see, the machine that has problems has PCR7 Configuration Binding Possible... Could that be a cause of why BitLocker is not getting enabled?
Updated: As you can see from the xls sheet, the green are OK. The yellow: will these become OK if we configure PCR7 to Bound? And the red I am not sure about; since it does not support Secure Boot, I guess a silent BitLocker is not an option, but BitLocker could be installed manually?


Any suggestions on where to start from this ?


Accepted answer
  1. Crystal-MSFT 53,981 Reputation points Microsoft External Staff
    2021-03-10T01:49:29.837+00:00

    @Andreas, to silently enable BitLocker on devices, the following settings need to be configured:
    --Warning for other disk encryption = Block.
    --Allow standard users to enable encryption during Azure AD Join = Allow

    We can see more details in the following link:
    https://learn.microsoft.com/en-us/mem/intune/protect/encrypt-devices#silently-enable-bitlocker-on-devices

    For the devices which do not support silent BitLocker, we can change the setting "Allow standard users to enable encryption during Azure AD Join" to Not configured to manually enable BitLocker.

    Hope it can help.


    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.
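
A local check for a device where silent encryption does not start, as an added example that is not part of the original thread or of Microsoft's documentation: it collects the values listed in the question (TPM, Secure Boot, BIOS mode, PCR7 configuration) together with the OS volume's BitLocker state and recent BitLocker management events. It assumes an elevated Windows PowerShell session on an English-language Windows 10 install; the report file name is a constructed temp path.

```powershell
#Requires -RunAsAdministrator
# Added example: collects the readiness values discussed in this thread on one device.

# TPM presence/readiness and spec version (the question lists "TPM 2.0").
$tpm     = Get-Tpm
$tpmSpec = (Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' `
                -ClassName Win32_Tpm -ErrorAction SilentlyContinue).SpecVersion

# Confirm-SecureBootUEFI throws when the firmware is not UEFI, so an error is
# recorded here as "not UEFI, Secure Boot unavailable".
try   { $secureBoot = Confirm-SecureBootUEFI -ErrorAction Stop; $uefi = $true }
catch { $secureBoot = $false; $uefi = $false }

# "PCR7 Configuration" and "Device Encryption Support" are only populated in
# System Information (msinfo32) when it runs elevated.
# The report path is a constructed temp location.
$report = Join-Path $env:TEMP 'msinfo-bitlocker-check.txt'
Start-Process -FilePath msinfo32.exe -ArgumentList '/report', "`"$report`"" -Wait
$sysInfo = Select-String -Path $report `
               -Pattern '^(PCR7 Configuration|Device Encryption Support)' |
           ForEach-Object { $_.Line.Trim() }
Remove-Item $report -ErrorAction SilentlyContinue

# Current BitLocker state of the OS volume.
$vol = Get-BitLockerVolume -MountPoint $env:SystemDrive

[pscustomobject]@{
    TpmPresent       = $tpm.TpmPresent
    TpmReady         = $tpm.TpmReady
    TpmSpecVersion   = $tpmSpec
    UefiFirmware     = $uefi
    SecureBootOn     = $secureBoot
    SystemInfo       = $sysInfo -join '; '
    VolumeStatus     = $vol.VolumeStatus
    ProtectionStatus = $vol.ProtectionStatus
    KeyProtectors    = ($vol.KeyProtector.KeyProtectorType -join ', ')
} | Format-List

# Errors and warnings from the BitLocker management log on this device.
Get-WinEvent -LogName 'Microsoft-Windows-BitLocker/BitLocker Management' `
    -MaxEvents 15 -ErrorAction SilentlyContinue |
    Where-Object { $_.LevelDisplayName -in 'Error', 'Warning' } |
    Select-Object TimeCreated, Id, Message | Format-List
```

Running it on one device that encrypted successfully and on one that did not gives a side-by-side view of which of these values differ.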