yannara asked yannara answered

Laptop without BitLocker stays compliant

I have a Compliance Policy which requires BitLocker. I have one laptop without TPM and without BitLocker. This laptop is in the same device group as the others and should not be compliant. But it has been compliant for days. When I track the status of this device, I see Not Applicable for BitLocker. What could I possibly have done wrong?


LuDaiMSFT-0289 answered LuDaiMSFT-0289 commented

@yannara Thanks for posting in our Q&A.

For this issue, I have done the test in my lab. The result is the same as yours. It seems to be a known issue. It couldn't mark Windows devices with 'Not Applicable' compliance policies as non-compliant.

I have done a lot of research. I found that someone has given feedback on a similar issue in the Intune UserVoice.
https://microsoftintune.uservoice.com/forums/291681-ideas/suggestions/36315436-mark-windows-devices-with-not-applicable-complia

Given this situation, it is suggested to create an online support ticket to give feedback on this issue more effectively. Here is the online support link, and I hope it is helpful.
https://docs.microsoft.com/en-us/mem/get-support

Thanks for understanding.



UserVoice post from 2018... not sure if I wanna cry or laugh..


The most effective method is to open an online support ticket to give feedback on this issue. It's the fastest and most direct.

RahulJindal-2267 answered yannara commented

The compliance state in Intune is a bit flaky. Is the device actually encrypted?


No, it is not.

RahulJindal-2267 answered yannara commented

Then that is the part to focus on in my opinion. Sharing some links for reference.

intune-bitlocker-silent-and-automatic.html


ts-bitlocker-intune-issues



No, that is not the issue here. I want to know why Compliance is working like this; I am not interested in solving BitLocker issues in this scenario.

yannara answered

Half of the solution was to set the TPM state to be required in the Compliance policies, which then turned the computer non-compliant. But I don't think it is enough, because you may have computers with TPM where BitLocker is still not enabled. Or you may have computers without TPM where BitLocker is enabled with a password.
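
The gap discussed in this thread, as an added example that is not part of any post above: a Python check that re-evaluates exported compliance rows strictly, treating Not Applicable on a required setting as a failure and comparing against the reported encryption state. The record layout, the setting names and the sample devices are constructed assumptions, not Intune's own export format.

```python
# Added example: strict re-evaluation of exported compliance data.
# Field names, setting names and sample rows are constructed assumptions.
REQUIRED = ("BitLockerEnabled",)  # settings that must evaluate to "compliant"

# Constructed sample rows, one per device.
DEVICES = [
    {"name": "LT-001", "overall": "compliant", "encrypted": True,
     "settings": {"BitLockerEnabled": "compliant", "TpmRequired": "compliant"}},
    # The laptop from the question: no TPM, no BitLocker, still "compliant".
    {"name": "LT-002", "overall": "compliant", "encrypted": False,
     "settings": {"BitLockerEnabled": "notApplicable"}},
    # TPM present, BitLocker not enabled: the TPM requirement alone passes it.
    {"name": "LT-003", "overall": "compliant", "encrypted": False,
     "settings": {"BitLockerEnabled": "notApplicable", "TpmRequired": "compliant"}},
    # No TPM, BitLocker enabled with a password: the TPM requirement fails it.
    {"name": "LT-004", "overall": "noncompliant", "encrypted": True,
     "settings": {"BitLockerEnabled": "compliant", "TpmRequired": "nonCompliant"}},
]

def strict_state(device, required=REQUIRED):
    """Return (state, reasons); any required setting not 'compliant' fails."""
    reasons = []
    for setting in required:
        state = device["settings"].get(setting, "missing")
        if state != "compliant":
            reasons.append(f"{setting}={state}")
    if not device["encrypted"]:
        reasons.append("volume not encrypted")
    return ("noncompliant" if reasons else "compliant"), reasons

def audit(devices, required=REQUIRED):
    """List devices whose reported state disagrees with the strict one."""
    findings = []
    for dev in devices:
        state, reasons = strict_state(dev, required)
        if state != dev["overall"]:
            findings.append({"name": dev["name"], "reported": dev["overall"],
                             "strict": state, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in audit(DEVICES):
        detail = ", ".join(f["reasons"]) or "all required settings pass"
        print(f"{f['name']}: reported {f['reported']}, "
              f"strict {f['strict']} ({detail})")
```

Devices listed by `audit` are the ones to review by hand: either reported compliant without encryption evidence, or reported non-compliant only because of the TPM requirement.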
