Part 6 – Enable Silent BitLocker with Intune in Hybrid-Join Scenario


Troubleshooting

This section highlights some issues you may encounter and how to resolve them.

Group Policy

If your policies are misconfigured, the event logs will highlight the conflicts, and the result is that Silent BitLocker fails to encrypt the drive.

1. Open the Event Log and check the following:
    Microsoft-Windows-BitLocker-API/Management
    Event: 851

2. Open Task Scheduler and go to Microsoft > Windows > BitLocker
    BitLocker Encrypt All Drives
    BitLocker MDM policy Refresh: 0x8031005B



The stop code, 0x8031005B, on BitLocker MDM policy Refresh validates the error shown in the Event Log above.

What is the cause?

This will be a misconfiguration in the Intune policy for BitLocker, specifically in the startup authentication methods.

Silent BitLocker, as its name suggests, is supposed to be silent and therefore should not have any options set to require a PIN or startup key. Setting these would require user interaction and is therefore out of scope.

The configuration below is wrong


Change the configuration to the below

3. Now re-run the MDM tasks
    BitLocker Encrypt All Drives
    BitLocker MDM policy Refresh: 0x41301

4. Now check the Event log

Removable Drives

Make sure you remove the ISO installation media from the virtual DVD drives on your computer. Leaving it mounted will halt BitLocker from silently encrypting the drive.
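
The checks from both sections above can also be collected in one pass from an elevated PowerShell session. This is an added example, not part of the original post; the variable names are illustrative, and the log name, task folder and result code are the ones shown on this page.

```powershell
# Added example: read-only checks for the symptoms described on this page.
# Run in an elevated PowerShell session on the affected device.
$logName  = 'Microsoft-Windows-BitLocker-API/Management'  # log named on this page
$taskPath = '\Microsoft\Windows\BitLocker\'               # Task Scheduler folder named on this page
$failCode = '0x8031005B'                                  # failing result shown on this page

# 1. Event 851 in the BitLocker management log (policy conflict).
$events = Get-WinEvent -FilterHashtable @{ LogName = $logName; Id = 851 } `
              -MaxEvents 5 -ErrorAction SilentlyContinue
if ($events) {
    $events | Select-Object TimeCreated, Id, Message | Format-List
} else {
    Write-Output "No event 851 found in $logName"
}

# 2. Last run result of each BitLocker scheduled task, shown as hex so it
#    can be compared with the value Task Scheduler displays.
$results = foreach ($task in (Get-ScheduledTask -TaskPath $taskPath -ErrorAction SilentlyContinue)) {
    $info = $task | Get-ScheduledTaskInfo
    $hex  = '0x{0:X8}' -f $info.LastTaskResult
    [pscustomobject]@{
        Task        = $task.TaskName
        LastRun     = $info.LastRunTime
        LastResult  = $hex
        PolicyError = ($hex -eq $failCode)   # true when the task ended with the code above
    }
}
$results | Format-Table -AutoSize

# 3. Optical drives that still have media (for example an ISO) loaded.
$loaded = Get-CimInstance -ClassName Win32_CDROMDrive | Where-Object MediaLoaded
if ($loaded) {
    $loaded | Select-Object Drive, Caption, VolumeName | Format-Table -AutoSize
} else {
    Write-Output 'No media loaded in any DVD drive'
}

# 4. Current encryption state of the OS drive.
Get-BitLockerVolume -MountPoint $env:SystemDrive |
    Select-Object MountPoint, VolumeStatus, ProtectionStatus, EncryptionPercentage |
    Format-List
```

Nothing here changes state. After correcting the Intune policy, re-run the two tasks from Task Scheduler as in step 3 and run the checks again.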

Additional Troubleshooting

Troubleshoot BitLocker policies in Microsoft Intune
Enforcing BitLocker policies by using Intune: known issues
