Posted in: Intune, Microsoft, Windows. By Sebastian Stegrin

2 years ago

A while ago I started to upgrade the encryption on some devices to 256 from 128, but I noticed one issue while doing so. Intune marked some computers as Not Compliant, and I still don't know why. I opened a Microsoft case regarding this, but I managed to solve it myself and will therefore give you my solution below, since Microsoft didn't have an answer as to why this happened.

Instructions on how to clear the status Not Compliant in Intune after upgrading BitLocker encryption.

  1. Create a group and use it to exclude the affected devices from the Compliance Policy that checks the encryption on your computers.
  2. In Intune, do a BitLocker Key Rotation on the device.
    1. This can take a while, but you can follow the status on the device in Intune.
  3. Wait until the computer is marked as Compliant in Intune.
  4. Remove the exclusion from the Compliance Policy and make sure that the device stays Compliant after this.
  5. Done
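
Before removing the exclusion in step 4, it can help to confirm the local BitLocker state on the device itself. The script below is an added example, not part of the original post; it assumes that "256" means one of the 256-bit BitLocker methods (`XtsAes256` or `Aes256`) and that it runs in an elevated PowerShell session on the device.

```powershell
# Added example: local check of BitLocker state after the 128 -> 256 upgrade.
# Assumption: either 256-bit method counts as the upgraded state.
$accepted = 'XtsAes256', 'Aes256'

$report = Get-BitLockerVolume | ForEach-Object {
    # Collect key protector types (Tpm, RecoveryPassword, ...) as strings.
    $protectors = @($_.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
    [pscustomobject]@{
        MountPoint       = $_.MountPoint
        VolumeType       = $_.VolumeType.ToString()
        EncryptionMethod = $_.EncryptionMethod.ToString()
        VolumeStatus     = $_.VolumeStatus.ToString()
        EncryptedPercent = $_.EncryptionPercentage
        ProtectionStatus = $_.ProtectionStatus.ToString()
        HasRecoveryPwd   = $protectors -contains 'RecoveryPassword'
        Is256Bit         = $accepted -contains $_.EncryptionMethod.ToString()
    }
}
$report | Format-Table -AutoSize

# The OS volume must be fully re-encrypted with a 256-bit method,
# have protection switched on, and carry a recovery password protector.
$os = $report | Where-Object { $_.VolumeType -eq 'OperatingSystem' }
$ready = $os -and $os.Is256Bit -and
         $os.VolumeStatus -eq 'FullyEncrypted' -and
         $os.ProtectionStatus -eq 'On' -and
         $os.HasRecoveryPwd

if ($ready) {
    'OS volume: 256-bit, fully encrypted, protection on.'
} else {
    'OS volume is not in the expected state.'
    exit 1
}
```

This only reports what the device sees locally; the compliance state shown in Intune is evaluated separately and may lag behind.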

Feel free to send me a message if you need help with this on LinkedIn!

Tags : bitlocker, compliance, Intune, MEM, Windows


Comments

Dan Jansson says

I have not run into this myself, but BitLocker compliance is only evaluated after boot, so perhaps a reboot could have fixed it. Keeping BitLocker compliance in a separate policy with a grace period instead of immediate may also help in some situations.
