BitLocker
BitLocker pushed via Intune does not work
Hello, I'm trying to set up silent BitLocker deployment via Intune -> Endpoint Security -> Disk Encryption. I have assigned a testing machine to it, but it doesn't seem to enable BitLocker on the machine at all. I am attaching the configuration. We are in a hybrid scenario and the computer is hybrid joined.

I can see the policy SUCCEEDED in Intune; the "Per setting status" report also shows everything successful. The laptop has only one drive, the OS drive, and it is not encrypted. In Event Viewer I see "BitLocker CSP: OS Drive not protected". Before, I also saw "encryption type not supported" when I had "Full encryption" enabled; after changing it to "Used data only" this warning does not appear anymore. I have forced a sync from the laptop and also restarted a few times already, but the drive still does not have BitLocker turned on. Btw, it is a brand new laptop.

Any advice? Am I missing anything here?

UPDATE: I see one more warning in Event Viewer that is related to BitLocker: "BitLocker CSP: GetDeviceEncryptionComplianceStatus indicates OSV is not compliant with returned status 0x106"

Regards, Michal
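Added here as an example, not code from the post or from Microsoft: a PowerShell readiness check for the silent-enablement case described above. It collects the local state the Intune BitLocker CSP depends on (TPM, UEFI Secure Boot, Entra/domain join state, OS volume status and protectors), dumps the policy values the CSP has received, and pulls the CSP's own "BitLocker CSP: ..." messages out of the MDM diagnostics event log so they can be read alongside the compliance status. It assumes a Windows 10/11 device with the stock BitLocker and TrustedPlatformModule modules, and that the BitLocker CSP writes to the Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin log and caches received policy under HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\BitLocker, which is the MDM PolicyManager layout on such devices. Run it in an elevated PowerShell on the affected machine.

```powershell
# Added example (not from the original post): readiness check for silent BitLocker
# enablement pushed by the Intune BitLocker CSP on a hybrid-joined Windows device.
#Requires -RunAsAdministrator

function Get-BitLockerReadiness {
    [CmdletBinding()]
    param([string]$MountPoint = $env:SystemDrive)

    $tpm = Get-Tpm                                  # TrustedPlatformModule module
    $secureBoot = $false
    try { $secureBoot = Confirm-SecureBootUEFI } catch { }   # throws on legacy BIOS
    $dsreg = dsregcmd /status                       # join state as the OS sees it
    $vol = Get-BitLockerVolume -MountPoint $MountPoint

    [pscustomobject]@{
        TpmPresent       = $tpm.TpmPresent
        TpmReady         = $tpm.TpmReady
        SecureBoot       = $secureBoot
        AzureAdJoined    = [bool]($dsreg -match 'AzureAdJoined\s*:\s*YES')
        DomainJoined     = [bool]($dsreg -match 'DomainJoined\s*:\s*YES')
        VolumeStatus     = $vol.VolumeStatus        # FullyDecrypted means the CSP never started encryption
        ProtectionStatus = $vol.ProtectionStatus
        EncryptionMethod = $vol.EncryptionMethod
        Protectors       = ($vol.KeyProtector | ForEach-Object KeyProtectorType) -join ', '
    }
}

function Get-BitLockerCspPolicy {
    # Policy values the CSP received from Intune. The key exists only once a BitLocker
    # policy has been delivered; which values appear depends on the profile.
    $path = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\BitLocker'
    if (Test-Path $path) {
        Get-ItemProperty -Path $path | Select-Object * -ExcludeProperty PS*
    } else {
        Write-Warning "No BitLocker CSP policy found under $path"
    }
}

function Get-BitLockerCspEvents {
    [CmdletBinding()]
    param([int]$Hours = 24)
    # The CSP logs to the MDM diagnostics channel; keep only its BitLocker messages.
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin'
        StartTime = (Get-Date).AddHours(-$Hours)
    } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match 'BitLocker CSP' } |
        Select-Object TimeCreated, Id, LevelDisplayName, Message
}

Get-BitLockerReadiness | Format-List
Get-BitLockerCspPolicy | Format-List
Get-BitLockerCspEvents | Format-Table -Wrap
```

Compare the readiness object against the profile: a VolumeStatus of FullyDecrypted with no protectors means the CSP never called into BitLocker, and the CSP event messages, read in time order next to the received policy values, show which precondition it stopped at.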
BitLocker Recovery Key Sync Issue in Intune

Hello All, We've configured BitLocker settings in Intune using a device configuration profile in a hybrid environment. While it was previously working fine, for the past two weeks devices assigned to the BitLocker policy are encrypting successfully, but the recovery keys are not syncing to Intune/Entra. Below are the relevant event logs from the affected devices:

- Event ID 846: Failed to backup BitLocker Drive Encryption recovery information for volume C: to your Azure AD. TraceId: (xxxx). Error: JSON value not found.
- Event ID 875: Server reported a failure while attempting to retrieve recovery password information from AAD. Error: Unknown HResult Error code: 0x80190000. HTTP Status Code: 0. RetryRequest: false. DidSetRetryHint: false. RetryHintSeconds: 0.
- Event ID 868: Failed while attempting to get BitLocker Drive Encryption recovery information from Azure AD. Error Code: Unauthorized (401).

If anyone has encountered similar issues, your guidance on troubleshooting would be greatly appreciated. Thanks,
Microsoft Entra ID BitLocker Key Packages location

Hello, According to the info provided in Intune, key packages can now be saved in Entra ID (so that means KPs can be saved in a cloud-only Entra ID environment, right?). I would like to know how to download those key packages, or where I can find them? Best regards,
External SSD Locked by BitLocker After Restart

Hello, I am experiencing an issue with my external SSD, which has been locked by BitLocker. I had to restart my work computer, and after the restart the drive was automatically locked. I did not make any changes; I simply restarted the computer. Now the drive is locked, and I am being prompted to enter a 48-digit recovery key, which I do not have. Could you please advise me on what to do in this situation? Is there a location on my computer where I might be able to find the recovery key? Thank you for your assistance.
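Added here as an example, not code from the post: how to find out which recovery key a locked external drive is asking for, and how to unlock it and stop it locking again once the key is found. BitLocker protector metadata is readable while a volume is still locked, so Get-BitLockerVolume returns the KeyProtectorId of the recovery-password protector; that ID is what the recovery screen shows, and it is the value to match against keys saved in a Microsoft account, in Entra ID/Intune, or in Active Directory. The drive letter and the recovery password in the block are placeholders. Run it elevated.

```powershell
# Added example (not from the original post): identify the recovery key a locked
# BitLocker data drive needs, unlock it, and enable auto-unlock for this machine.
#Requires -RunAsAdministrator

function Get-BitLockerKeyIds {
    param([Parameter(Mandatory)][string]$MountPoint)
    # Works on a locked volume: protector metadata is not itself encrypted.
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    [pscustomobject]@{
        MountPoint     = $vol.MountPoint
        LockStatus     = $vol.LockStatus
        AutoUnlock     = $vol.AutoUnlockEnabled
        # These IDs are what the recovery prompt displays; look the 48-digit
        # password up by ID in your Microsoft account, Entra ID/Intune, or AD.
        RecoveryKeyIds = @($vol.KeyProtector |
            Where-Object KeyProtectorType -eq 'RecoveryPassword' |
            ForEach-Object KeyProtectorId)
    }
}

function Unlock-AndAutoUnlock {
    param(
        [Parameter(Mandatory)][string]$MountPoint,
        [Parameter(Mandatory)][string]$RecoveryPassword   # 48 digits, 8 groups of 6, dash-separated
    )
    Unlock-BitLocker -MountPoint $MountPoint -RecoveryPassword $RecoveryPassword | Out-Null
    # Auto-unlock stores an external key for this data volume on the (encrypted) OS
    # volume, so the drive opens without a prompt on this computer only. It requires
    # the OS drive to be BitLocker-protected.
    Enable-BitLockerAutoUnlock -MountPoint $MountPoint | Out-Null
    Get-BitLockerVolume -MountPoint $MountPoint |
        Select-Object MountPoint, LockStatus, AutoUnlockEnabled
}

Get-BitLockerKeyIds -MountPoint 'E:'   # placeholder drive letter

# Placeholder password; substitute the one stored under the matching key ID.
# Unlock-AndAutoUnlock -MountPoint 'E:' -RecoveryPassword '111111-222222-333333-444444-555555-666666-777777-888888'
```

If the drive was encrypted on a work computer, the key ID is also what a helpdesk needs to retrieve the password from Entra ID or Active Directory on your behalf.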
BitLocker backup into Entra ID

We are in the process of setting up Hybrid Join. When I try to back up the BitLocker key to Entra ID I get the following error in the Event Viewer: Failed to backup BitLocker Drive Encryption recovery information for volume C: to your Azure AD. TraceId: ***************************** Error: Unknown HResult Error code: 0x80072efe. When I run the backup PowerShell script on the computer I get the following error: I have logged in with my FQDN on the computer. I show the computer is compliant and co-managed. I have also blocked the GPO that was handling BitLocker from being pushed to the computer. I have restarted and ran gpupdate /force multiple times. Any assistance would be helpful. I am unable to find anything online to resolve this issue.
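Added here as an example serving both the "BitLocker Recovery Key Sync Issue in Intune" post and the "BitLocker backup into Entra ID" post above; it is not code from either poster or from Microsoft. It backs up every recovery-password protector on the OS volume to Entra ID with the stock BackupToAAD-BitLockerKeyProtector cmdlet, after first confirming the device is actually joined to Entra ID (hybrid join counts), and then reads the BitLocker-API event log for the outcome. It assumes the BitLocker module's documented behaviour that 845 is the success event for an Entra ID backup and 846 the failure event, with 868 and 875 being the retrieval-side events quoted in the earlier post. Run it elevated on the affected device; the HRESULT strings quoted in the posts surface in the Result column.

```powershell
# Added example (not from either post): back up recovery-password protectors to
# Entra ID and verify the result from the BitLocker-API event log.
#Requires -RunAsAdministrator

function Backup-BitLockerKeysToEntra {
    [CmdletBinding()]
    param(
        [string]$MountPoint = $env:SystemDrive,
        # Create a recovery-password protector if the volume has none to back up.
        [switch]$AddRecoveryPasswordIfMissing
    )

    # Backup to Entra ID needs a device that is Entra-joined or hybrid-joined.
    $dsreg = dsregcmd /status
    if (-not ($dsreg -match 'AzureAdJoined\s*:\s*YES')) {
        throw 'dsregcmd reports AzureAdJoined != YES; backup to Entra ID cannot succeed on this device.'
    }

    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    $rp  = @($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')
    if ($rp.Count -eq 0 -and $AddRecoveryPasswordIfMissing) {
        Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
        $vol = Get-BitLockerVolume -MountPoint $MountPoint
        $rp  = @($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')
    }
    if ($rp.Count -eq 0) { throw "No RecoveryPassword protector on $MountPoint; nothing to back up." }

    foreach ($p in $rp) {
        try {
            BackupToAAD-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $p.KeyProtectorId
            [pscustomobject]@{ KeyProtectorId = $p.KeyProtectorId; Result = 'Backup requested' }
        } catch {
            # Network/HTTP failures (e.g. the 0x80072efe or 0x80190000 seen in the posts) land here.
            [pscustomobject]@{ KeyProtectorId = $p.KeyProtectorId; Result = $_.Exception.Message }
        }
    }
}

function Get-BitLockerBackupEvents {
    param([int]$Hours = 24)
    # BitLocker-API log: 845 = backed up to Entra ID, 846 = backup failed,
    # 868/875 = failures retrieving recovery information from Entra ID.
    Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-BitLocker/BitLocker Management'
        Id        = 845, 846, 868, 875
        StartTime = (Get-Date).AddHours(-$Hours)
    } -ErrorAction SilentlyContinue | Select-Object TimeCreated, Id, Message
}

Backup-BitLockerKeysToEntra -AddRecoveryPasswordIfMissing | Format-Table -AutoSize
Get-BitLockerBackupEvents | Format-Table -Wrap
```

An 845 event for each KeyProtectorId is the confirmation to look for before checking the Intune or Entra admin center; an 846 with an HRESULT and no 845 means the key never left the device, regardless of what the policy status report shows.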
HAADJ with Intune Co-Management

Hello,
- I have a HAADJ tenant with Intune Co-Management.
- AD Connect syncs devices only and not users to Entra (as users are third-party provisioned and federated).
- Devices appear in Azure, then are added to a group for Intune policy enrollment. Enrollment is done via GPO.
- They get enrolled in Intune using co-management with SCCM, auto MDM enrollment with device credentials, and appear in Intune as co-managed.
- BitLocker is applied via Intune on the devices to encrypt fixed data drives and operating system drives. A GPO is applied to avoid backing up the recovery key in AD, as explained here: https://www.burgerhout.org/the-bitlocker-haadj-nightmare/

Question(s):
1- For testing, we encrypt and remove semantics drive encryption. A restart is done during removal, then the recovery key screen appears and the key is requested to access the device. On the second restart after uninstall, the key is not requested.
2- After testing, the recovery key is stored in Intune but not stored in the below location: https://myaccount.microsoft.com/ -> Devices -> Manage Devices -> Select device -> View BitLocker Keys (it appears only in the test environment where enrollment is done via user credentials as opposed to device credentials).
3- Devices in Azure under the following URL (Devices - Microsoft Entra admin center) show an owner when the device is first moved with AD sync; however, later on the owner is removed and the behavior is very random. In Intune, however, devices show a primary user logged in as long as someone is logged in to Office, which is fine and acceptable. So what could be the reason for the issue in Azure/Entra?