Bitlocker encryption issues over Intune
Hi,
I have a Hybrid AD deployment and use Intune to deploy security settings to our endpoints.
I set up a Device Configuration policy to deploy BitLocker on all our Windows devices, and this was done quite some time ago. Now I created a PowerShell script to audit whether the BitLocker keys are in Azure AD and Intune, and found out that around 500 out of 2000 devices do not have keys, so I guess that they are not encrypted. I looked at a couple of cases to analyze and I’ve got some conflicting information. If I look at the device in Intune, I can see that my Device Configuration policy was “Succeeded”, as shown here:
But then if I go to “Endpoint Security” -> “Disk Encryption”, I can see my policy named “Bitlocker_All_Devices” there, and entering the policy, looking at “Device Status”, I have the list of “Succeeded” devices, and the device is not there.
So on the device, the policy seems to have been applied, but in fact no encryption happened. How can I debug what’s going on here? Without having to look individually at 500 devices, of course.
Thanks
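One way to triage this at scale, as an added example that is not part of the original thread: a read-only PowerShell detection script that, when run on each device through Intune (for instance as the detection half of a remediation script package, whose per-device output Intune reports centrally), records why BitLocker did or did not take effect. It assumes Windows 10/11 with the built-in BitLocker and TrustedPlatformModule modules; the output line format and the verdict labels are constructed for this example.

```powershell
# Added example: on-device BitLocker triage for devices that Intune reports as "Succeeded"
# but that show no recovery key in Azure AD/Intune. Read-only; intended to run as SYSTEM via Intune.
# Assumption: Windows 10/11 with the BitLocker and TrustedPlatformModule modules present.

$osDrive = $env:SystemDrive
$result = [ordered]@{
    Device           = $env:COMPUTERNAME
    TpmPresent       = $false
    TpmReady         = $false
    VolumeStatus     = 'Unknown'
    ProtectionStatus = 'Unknown'
    EncryptionPct    = 0
    KeyProtectors    = ''
    HasRecoveryPwd   = $false
    Verdict          = ''
}

# A missing or unprovisioned TPM is the most common reason a TPM-based policy silently does nothing.
try {
    $tpm = Get-Tpm
    $result.TpmPresent = [bool]$tpm.TpmPresent
    $result.TpmReady   = [bool]$tpm.TpmReady
} catch { $result.Verdict = 'TPMQueryFailed: ' + $_.Exception.Message }

$vol = Get-BitLockerVolume -MountPoint $osDrive -ErrorAction SilentlyContinue
if ($vol) {
    $result.VolumeStatus     = $vol.VolumeStatus.ToString()
    $result.ProtectionStatus = $vol.ProtectionStatus.ToString()
    $result.EncryptionPct    = $vol.EncryptionPercentage
    $result.KeyProtectors    = ($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType }) -join ';'
    # Without a RecoveryPassword protector there is nothing for Intune/Azure AD to escrow.
    $result.HasRecoveryPwd   = [bool]($vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
}

# Classify the usual reasons a "Succeeded" policy still leaves a device without a stored key.
if (-not $result.Verdict) {
    $result.Verdict = if (-not $result.TpmPresent) { 'NoTPM' }
        elseif (-not $result.TpmReady) { 'TPMNotReady' }
        elseif ($result.VolumeStatus -eq 'FullyDecrypted') { 'PolicyAppliedButNotEncrypted' }
        elseif ($result.ProtectionStatus -eq 'Off') { 'EncryptedButProtectionSuspended' }
        elseif (-not $result.HasRecoveryPwd) { 'NoRecoveryPasswordProtector' }
        else { 'Compliant' }
}

# One key=value line per device so the 500 results can be sorted and grouped in one place.
$line = ($result.GetEnumerator() | ForEach-Object { "$($_.Key)=$($_.Value)" }) -join ' '
Write-Output $line
# Non-zero exit marks the device as "needs attention" in a detection/remediation pairing.
exit $(if ($result.Verdict -eq 'Compliant') { 0 } else { 1 })
```

Grouping the collected lines by Verdict separates devices that genuinely need hardware or provisioning attention from those that are encrypted but merely lack an escrowed recovery password.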