Mystery Solved: BitLocker is enabled, but Intune shows the computer as non-compliant for Require BitLocker

For some time, I have struggled to understand why Intune reports some computers as non-compliant with the "Require BitLocker" setting, even though BitLocker is enabled and working on the computer. In my searches for an explanation, I found the same question asked by many others, but never an answer. Until today.

I accidentally stumbled across this article from Microsoft's Rob Lane, which explains how the Require BitLocker setting is evaluated and why it might seem to incorrectly report a non-compliant state. I encourage you to check out that article for full details. I'll just summarize here the part that suddenly made this BitLocker compliance issue make sense to me.

The "Require BitLocker" setting in Intune relies on the Device Health Attestation (DHA) service in Windows 10 to report the state of BitLocker encryption on the computer. If BitLocker protection is disabled or suspended, DHA will report that the computer is non-compliant with this setting. T…
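To see locally the distinction the paragraph above draws between a volume that is encrypted and one whose protection is actually on, here is an added example (not from the original post or from Microsoft's article). The function name `Get-BitLockerProtectionFinding` is hypothetical and the sample volumes are constructed; it reads the `VolumeStatus` and `ProtectionStatus` properties that `Get-BitLockerVolume` returns, which is the local view of the volume and not the DHA report itself.

```powershell
# Added example: flag volumes that are encrypted but whose BitLocker
# protection is off (suspended or disabled).
function Get-BitLockerProtectionFinding {
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        $Volume   # object with MountPoint, VolumeStatus, ProtectionStatus
    )
    process {
        # Cast to string so both real enum values and sample strings compare the same way.
        $encrypted = "$($Volume.VolumeStatus)" -eq 'FullyEncrypted'
        $protected = "$($Volume.ProtectionStatus)" -eq 'On'

        $finding = if ($protected) {
            'ProtectionOn'
        } elseif ($encrypted) {
            # Data is encrypted on disk, but protection is suspended or disabled.
            'EncryptedButProtectionOff'
        } else {
            'NotProtected'
        }

        [pscustomobject]@{
            MountPoint       = $Volume.MountPoint
            VolumeStatus     = "$($Volume.VolumeStatus)"
            ProtectionStatus = "$($Volume.ProtectionStatus)"
            Finding          = $finding
        }
    }
}

# Constructed sample input so the example runs without elevation.
$sampleVolumes = @(
    [pscustomobject]@{ MountPoint = 'C:'; VolumeStatus = 'FullyEncrypted'; ProtectionStatus = 'On'  }
    [pscustomobject]@{ MountPoint = 'D:'; VolumeStatus = 'FullyEncrypted'; ProtectionStatus = 'Off' }
    [pscustomobject]@{ MountPoint = 'E:'; VolumeStatus = 'FullyDecrypted'; ProtectionStatus = 'Off' }
)

$sampleVolumes | Get-BitLockerProtectionFinding | Format-Table -AutoSize

# On a real machine, from an elevated PowerShell session:
#   Get-BitLockerVolume | Get-BitLockerProtectionFinding |
#       Where-Object Finding -ne 'ProtectionOn'
```

A volume reported as `EncryptedButProtectionOff` is the case the paragraph describes: BitLocker looks enabled, yet protection is suspended or disabled.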