Microsoft has fixed a known issue causing incorrect BitLocker drive encryption errors in some managed Windows environments.
The company said that Intune is among the MDM platforms affected by the bug and confirmed that third-party MDM solutions might also be impacted.
However, when it acknowledged this in October, it clarified that this was just a reporting problem and the bug does not actually impact drive encryption or the reporting of other device problems, including other BitLocker issues on enrolled Windows devices.
‘Using the FixedDrivesEncryptionType or SystemDrivesEncryptionType policy settings in the BitLocker configuration service provider (CSP) node in mobile device management (MDM) apps might incorrectly show a 65000 error in the ‘Require Device Encryption’ setting for some devices in your environment,” the company explains on the Windows Health dashboard.
“Affected environments are those with the ‘Enforce drive encryption type on operating system drives’ or ‘Enforce drive encryption on fixed drives’ policies set to enabled and selecting either ‘full encryption’ or ‘used space only’.”
The now-fixed bug only affects client platforms such as Windows 11 21H2/22H2, Windows 10 21H2/22H2, and Windows 10 Enterprise LTSC 2019.
Additionally, according to Redmond’s Windows release health page, it only impacts systems where drive encryption is enforced for OS and fixed drives.
Microsoft has resolved this bug in the KB5034204 preview update released on January 23 for Windows 11 and the KB5034763 cumulative update released on February 13 for Windows 10.
However, the company says it will not fix the bug for Windows 10 Enterprise LTSC 2019, which is under extended support.
This decision is based on the fact that the bug is restricted to a reporting scenario only, which means it does not impact drive encryption or the reporting of other issues on the device.
Admins can still mitigate the issue on Windows 10 Enterprise LTSC 2019 systems by enabling the “not configured” setting for the “Enforce drive encryption on fixed drives” or “Enforce drive encryption type on operating system drives” policies in Microsoft Intune.