This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(3.2, 73%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERH%3C/text%3E%3C/svg%3E)
We are using SCCM 2010 to manage our machines, including applying a BitLocker Policy that enables BitLocker encryption. We have set OS drive encryption to require TPM chip, and have set Fixed Drive encryption to auto unlock.
The waay i understand it, the settings for Fixed Drive apply to all internal fixed drives that are NOT the OS drive.
For some reason, 90% of our devices are showing up as non compliant in the BitLocker Compliance Dashboard report, even though they ARE BitLocker encrypted. If I go to these devices, they all show the same as below
As you can see, the Operating system drive is showing as compliant, but it shows as non compliant for Fixed Data Drive Compliance. I do not see why this would show as such, when the computer only has one drive (and this is the OS drive, which is compliant). For some machines (about 10%) the machines show as compliant for both Operating System AND Fixed Data Drive.
Please can someone explain why this is happening and how to remedy it, because at the moment, the BitLocker Compliance reports are useless
So the 2010 HFRU seems to have resolved the issue - https://support.microsoft.com/en-us/topic/update-rollup-for-microsoft-endpoint-configuration-manager-current-branch-version-2010-403fa677-e418-e39d-6eb6-f279ea991a95
Installed this and after machiens updated their client, they seem to be showing as properly compliant now :-)
Thank you for posting in Microsoft Q&A forum.
Maybe we could check the status of the bitlocker policy on client side like the image shown below:
Have a good day!
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi. Here is the report from one of the machines. This has one drive, that IS BitLocker encrypted. SCCM shows OS Drive as compliant, but Fixed drive non compliant
Thank you for the update.
Yes, what we provided seems that the problem is caused by the noncompliant of fixed drive, which seems not very reasonable.
In this case, to help the customer solve problems, Microsoft also attaches great importance to the voice of users. It's recommended that we could use the following user voice link to submit our suggestion:
https://configurationmanager.uservoice.com/forums/300492-ideas
At the same time, I will try the best to deliver the information to the product team to see if they have some additional comments, but not guaranteed. once there is a reply, i will get back to you at the first time.
Thank you for your kind understanding and have a nice weekend!
Hi. i just saw that there is a hotfix available for SCCM 2010, and this includes a fix for the issue I described here - https://support.microsoft.com/en-us/topic/update-rollup-for-microsoft-endpoint-configuration-manager-current-branch-version-2010-403fa677-e418-e39d-6eb6-f279ea991a95
I will be implementing this hotfix net week to see if it resolves the issue
Thanks for the kindly reply and we're looking forward to hearing the good news!
If there is any other assistance we could provide, please feel free to let us know, we will do our best to help you.
Have a good day!