The M365 (Microsoft Endpoint Manager) Disk Encryption profile deploys BitLocker to your laptops and desktops; Microsoft made the deployment seamless.
Known Errors –
Start – Eventvwr – Applications and Services Logs – Microsoft – Windows – BitLocker-API – Management
Failed to enable silent encryption.
Error: Group policy prevents you from backing up your recovery password to Active Directory for this drive type. For more info, contact your system administrator.
Solution – policy misconfigured: "Require device to back up recovery information to Azure AD" is set to Not configured; it must be configured to resolve this error.
Error: BitLocker cannot use Secure Boot for integrity because it is disabled.
manage-bde -protectors -get c:
The output shows that PCR 7 is NOT in use, even though Secure Boot is enabled.
Solution – remove the TPM protector and add it again:
manage-bde -protectors c: -delete -t tpm
manage-bde -protectors c: -add -tpm
Error 1: BitLocker could not be enabled
The BitLocker encryption key cannot be obtained. Verify that the Trusted Platform Module (TPM) is enabled and ownership has been taken. If this computer does not have a TPM, verify that the USB drive is inserted and available.
C: was not encrypted
Error 2: BitLocker cannot use Secure Boot for integrity because the UEFI variable ‘SecureBoot’ could not be read.
Solution for errors 1 and 2: clear the TPM using tpm.msc.
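As an added example that is not part of the original post, the following PowerShell script gathers the state that the errors above depend on (TPM readiness, Secure Boot, the PCR profile bound to the OS drive's TPM protector, the volume's key protectors, and the BitLocker-API Management event log) and maps the findings to the fixes listed above. It assumes the BitLocker, TrustedPlatformModule and SecureBoot modules shipped with Windows 10/11, that the Management channel's log name is 'Microsoft-Windows-BitLocker/BitLocker Management', and that manage-bde prints the PCR list on the line after the 'PCR Validation Profile:' header. Run it in an elevated PowerShell session on the affected device.

```powershell
# Added example (not from the original post): report the BitLocker prerequisite
# state behind the three errors above and point at the matching known fix.
# Assumptions: Windows 10/11 built-in modules; the OS drive is C:.

$report = [ordered]@{}

# 1. TPM state. Error 1 appears when the key cannot be sealed to the TPM.
try {
    $tpm = Get-Tpm
    $report.TpmPresent = $tpm.TpmPresent
    $report.TpmReady   = $tpm.TpmReady
    $report.TpmOwned   = $tpm.TpmOwned
} catch {
    $report.TpmPresent = $false
    $report.TpmReady   = $false
}

# 2. Secure Boot. Confirm-SecureBootUEFI throws on legacy BIOS or when the
#    'SecureBoot' UEFI variable cannot be read (Error 2).
try {
    $report.SecureBootEnabled = Confirm-SecureBootUEFI
} catch {
    $report.SecureBootEnabled = $null
    $report.SecureBootError   = $_.Exception.Message
}

# 3. PCR profile of the TPM protector on C:. Assumes manage-bde prints the PCR
#    list on the line after 'PCR Validation Profile:'.
$lines = (manage-bde -protectors -get C: 2>&1 | Out-String) -split "`r?`n"
$report.PcrProfile = 'no TPM protector'
for ($i = 0; $i -lt $lines.Count - 1; $i++) {
    if ($lines[$i] -match 'PCR Validation Profile') {
        $report.PcrProfile = $lines[$i + 1].Trim()
        break
    }
}
$report.UsesPcr7 = ($lines -join "`n") -match 'Uses Secure Boot for integrity validation'

# 4. Volume status and which protector types exist (a RecoveryPassword protector
#    is what gets backed up to Azure AD).
$vol = Get-BitLockerVolume -MountPoint C:
$report.VolumeStatus     = $vol.VolumeStatus
$report.ProtectionStatus = $vol.ProtectionStatus
$report.ProtectorTypes   = ($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType }) -join ', '

# 5. Recent errors/warnings from the same log the post opens in Event Viewer.
$events = Get-WinEvent -LogName 'Microsoft-Windows-BitLocker/BitLocker Management' `
              -MaxEvents 50 -ErrorAction SilentlyContinue |
          Where-Object { $_.LevelDisplayName -in 'Error', 'Warning' } |
          Select-Object TimeCreated, Id, Message

# Map findings to the fixes described above.
$advice = @()
if (-not $report.TpmPresent -or -not $report.TpmReady) {
    $advice += 'TPM not ready: clear the TPM with tpm.msc and let Windows re-initialise it (errors 1 and 2).'
}
if ($null -eq $report.SecureBootEnabled) {
    $advice += "Secure Boot state unreadable: $($report.SecureBootError) (Error 2: clear the TPM with tpm.msc)."
}
if ($report.SecureBootEnabled -eq $true -and -not $report.UsesPcr7 -and $report.PcrProfile -ne 'no TPM protector') {
    $advice += 'Secure Boot is on but PCR 7 is not in use: remove and re-add the TPM protector (manage-bde -protectors c: -delete -t tpm, then -add -tpm).'
}
if ($events | Where-Object { $_.Message -like '*backing up your recovery password*' }) {
    $advice += 'Recovery password backup blocked by policy: configure "Require device to back up recovery information to Azure AD" in the Intune profile.'
}

[pscustomobject]$report | Format-List
$events | Format-Table -AutoSize -Wrap
if ($advice.Count -eq 0) { 'No known-error condition detected.' } else { $advice }
```

The script only reads state; the remediation steps it prints are the ones the post gives (reconfigure the Intune setting, re-add the TPM protector, clear the TPM), so it can be run safely on a device before deciding which fix applies.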