Microsoft has confirmed a new issue that is affecting all Windows client versions, be it on Windows 11 (22H2, 21H2), Windows 10 (22H2, 21H2, and Enterprise LTSC 2019). The bug is related to BitLocker CSP encryption reporting. The BitLocker configuration service provider (CSP) is used by the enterprise to manage the encryption of PCs and devices.
According to Microsoft, a "65000" error code is being displayed in the "Require Device Encryption" setting on Intune for Mobile Device Management (MDM). The tech giant notes here that other than Intune, similar third-party apps may be affected too.
It explains:
Using the FixedDrivesEncryptionType or SystemDrivesEncryptionType policy settings in the BitLocker configuration service provider (CSP) node in mobile device management (MDM) apps might incorrectly show a 65000 error in the "Require Device Encryption" setting for some devices in your environment.
Affected environments are those with the “Enforce drive encryption type on operating system drives” or "Enforce drive encryption on fixed drives" policies set to enabled and selecting either "full encryption" or "used space only". Microsoft Intune is affected by this issue but third-party MDMs might also pe affected. Important: This issue is a reporting issue only and does not affect drive encryption or the reporting of other issues on the device, including other BitLocker issues.
Although Microsoft has not been able to devise a resolution for this issue yet, the company has provided a simple workaround that can mitigate it. It involves changing the policy settings to "not configured".
Workaround: To mitigate this issue in Microsoft Intune, you can set the “Enforce drive encryption type on operating system drives” or "Enforce drive encryption on fixed drives" policies to not configured.
Next steps: We are working on a resolution and will provide an update in an upcoming release.
You can read more about the issue on Microsoft's health dashboard website.
Recommended Comments
There are no comments to display.
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.