Laptop without BitLocker stays compliant

Pavel yannara Mirochnitchenko 11,711 Reputation points
2021-09-10T05:14:03.57+00:00

I have a Compliance Policy which requires BitLocker. I have one laptop without TPM and without BitLocker. This laptop is in the same device group as the others and should be non-compliant. But it has been compliant for days. When I track the status of this device, I see Not Applicable for BitLocker. What could I have done wrong?

4 answers

  1. Lu Dai-MSFT 28,341 Reputation points
    2021-09-10T07:03:57.847+00:00

    @Pavel yannara Mirochnitchenko Thanks for posting in our Q&A.

    For this issue, I have done a test in my lab. The result is the same as yours. It seems to be a known issue. It couldn't mark Windows devices with 'Not Applicable' compliance policies as non-compliant.

    I have done a lot of research. I found that someone has reported a similar issue in the Intune UserVoice.
    https://microsoftintune.uservoice.com/forums/291681-ideas/suggestions/36315436-mark-windows-devices-with-not-applicable-complia

    Given this situation, it is suggested that you create an online support ticket to report this issue more effectively. Here is the online support link; I hope it is helpful.
    https://learn.microsoft.com/en-us/mem/get-support

    Thanks for understanding.


    1 person found this answer helpful.

  2. Rahul Jindal [MVP] 9,141 Reputation points MVP
    2021-09-10T20:51:45.43+00:00

    The compliance state in Intune is a bit flaky. Is the device actually encrypted?


  3. Rahul Jindal [MVP] 9,141 Reputation points MVP
    2021-09-11T10:18:44.583+00:00

    Then that is the part to focus on in my opinion. Sharing some links for reference.

    intune-bitlocker-silent-and-automatic.html

    ts-bitlocker-intune-issues


  4. Pavel yannara Mirochnitchenko 11,711 Reputation points
    2021-09-13T06:15:41.943+00:00

    Half of the solution was to set the TPM state to be required in Compliance policies, which then turned the computer non-compliant. But I don't think it is enough, because you may have computers with TPM where BitLocker is still not enabled. Or you may have computers without TPM where BitLocker is enabled with a password.

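The last answer points out that TPM presence and BitLocker state are independent: a device can have a TPM with BitLocker off, or no TPM with BitLocker enabled by password. The following PowerShell check is an added example, not part of the thread or of any Intune policy; it reports both facts separately for the OS drive so the encryption state can be verified on the device itself. The function name and the output property names are hypothetical labels chosen for this example, and it assumes an elevated session on a Windows edition that ships the BitLocker and TrustedPlatformModule cmdlets.

```powershell
#Requires -RunAsAdministrator
# Added example: report TPM state and OS-drive BitLocker state independently.
# Function and property names are hypothetical, not Intune setting names.

function Get-OsDriveEncryptionState {
    $state = [ordered]@{
        TpmPresent          = $false
        TpmReady            = $false
        OsDriveProtectionOn = $false
        OsDriveVolumeStatus = 'Unknown'
        KeyProtectorTypes   = ''
    }

    try {
        $tpm = Get-Tpm -ErrorAction Stop
        $state.TpmPresent = [bool]$tpm.TpmPresent
        $state.TpmReady   = [bool]$tpm.TpmReady
    } catch {
        # TPM could not be queried: keep the "no TPM" defaults.
    }

    try {
        $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
        $state.OsDriveProtectionOn = ($vol.ProtectionStatus -eq 'On')
        $state.OsDriveVolumeStatus = [string]$vol.VolumeStatus
        # Lists e.g. Tpm, TpmPin, Password, RecoveryPassword.
        $types = @($vol.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })
        $state.KeyProtectorTypes = ($types | Sort-Object -Unique) -join ','
    } catch {
        # BitLocker cmdlets missing or the volume is not queryable.
        $state.OsDriveVolumeStatus = 'BitLockerUnavailable'
    }

    # Encrypted means protection is on and the volume is fully encrypted,
    # whether or not a TPM is involved.
    $state.OsDriveEncrypted = $state.OsDriveProtectionOn -and
        ($state.OsDriveVolumeStatus -eq 'FullyEncrypted')

    return $state
}

# Emit a single-line JSON object for logging or collection.
Get-OsDriveEncryptionState | ConvertTo-Json -Compress
```

A device like the one in the question would report `TpmPresent` and `OsDriveEncrypted` both as false, while a password-protected device without a TPM would report `OsDriveEncrypted` as true with `Password` among the key protector types.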