BitLocker not suspended when automatically rebooting after installing Windows feature update

Oleg Melnychuk 26 Reputation points
2020-08-19T09:27:53.003+00:00

I have Windows 10 Enterprise machines which are joined to Azure AD and managed by Intune, which has configured BitLocker encryption with TPM+preboot PIN. When feature updates are installed on the machine and an automatic reboot is initiated, the reboot gets stuck on the BitLocker password prompt, and installing the Feature Update fails all the time. I can install the feature update when I suspend BitLocker manually, but that is not OK for me: I have a lot of PCs with BitLocker and preboot PIN.

Also, I have on-prem machines which are joined to AD and managed by SCCM, and I found the solution in the client settings in Configuration Manager:

Suspend BitLocker PIN entry on restart

If computers require BitLocker PIN entry, then this option bypasses the requirement to enter a PIN when the computer restarts after a software installation.

Always: Configuration Manager temporarily suspends BitLocker after it has installed software that requires a restart, and it restarts the computer. This setting only applies when Configuration Manager restarts the computer. This setting doesn't suspend the requirement to enter the BitLocker PIN when the user restarts the computer. The BitLocker PIN entry requirement resumes after Windows startup.

According to the BitLocker Upgrading FAQ:

No user action is required for BitLocker in order to apply updates from Microsoft, including Windows quality updates and feature updates. Users need to suspend BitLocker for Non-Microsoft software updates, such as:

Computer manufacturer firmware updates
TPM firmware updates
Non-Microsoft application updates that modify boot components

Is there a setting I can apply that makes sure the reboot doesn't get stuck at the BitLocker screen when it's rebooting after installing Feature Updates?

Thanks!


Accepted answer
  1. MTG Marinetechnik 356 Reputation points
    2020-08-19T12:09:42.37+00:00

    With defaults, it would work. You are not at defaults. Possibly you are not aware that some (other) admin set this: Setup.exe /BitLocker ForceKeepActive
    If the Win10 feature upgrade setup is started like this, then if suspend does not work, it fails the upgrade - and with Preboot PIN set, it cannot work.
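
A way to check for the override the accepted answer describes, as an added example that is not part of the answer or of any Microsoft tool. It assumes the option was deployed through SetupConfig.ini in the location Windows Update reads (an option passed on a Setup.exe command line by a deployment tool would not show up here); the function name is hypothetical and the sample lines are constructed.

```powershell
# Added example, not code from the thread. Function name is hypothetical.
function Get-SetupBitLockerOption {
    param([string[]]$IniLines)
    $inSection = $false
    foreach ($line in $IniLines) {
        $t = $line.Trim()
        if ($t -eq '' -or $t.StartsWith(';')) { continue }   # blank line or comment
        if ($t -match '^\[(.+)\]$') {                        # section header
            $inSection = ($Matches[1] -ieq 'SetupConfig')
            continue
        }
        if ($inSection -and $t -match '^BitLocker\s*=\s*(\S+)') {
            return $Matches[1]
        }
    }
    return $null   # option not present: Setup falls back to its default
}

# Constructed sample content, for illustration only.
$sample = '[SetupConfig]', 'Priority=Normal', 'BitLocker=ForceKeepActive'
"Sample file sets: $(Get-SetupBitLockerOption -IniLines $sample)"

# Assumption: the override was deployed through SetupConfig.ini at the location
# Windows Update reads. Get-BitLockerVolume needs an elevated session.
$path = Join-Path $env:SystemDrive 'Users\Default\AppData\Local\Microsoft\Windows\WSUS\SetupConfig.ini'
if (Test-Path -LiteralPath $path) {
    $opt = Get-SetupBitLockerOption -IniLines (Get-Content -LiteralPath $path)
    $types = @((Get-BitLockerVolume -MountPoint $env:SystemDrive).KeyProtector |
        ForEach-Object { [string]$_.KeyProtectorType })
    [pscustomobject]@{
        SetupConfigBitLocker   = if ($opt) { $opt } else { '(not set)' }
        OsVolumeProtectors     = $types -join ', '
        PinWithForceKeepActive = ($opt -ieq 'ForceKeepActive') -and ($types -contains 'TpmPin')
    }
} else {
    "No SetupConfig.ini found at $path"
}
```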


2 additional answers

  1. Bagitman 581 Reputation points
    2020-08-19T17:28:45.407+00:00

    You receive feature updates via online update as any normal home computer would? So you do direct updating from the internet?
    I cannot give a suggestion yet, since I need to know that in detail, first.

    We updated hundreds of Win10 installations and BitLocker with PIN is used anywhere - no problems, it suspends automatically.


  2. 2020-08-20T07:13:08.303+00:00

    Just checking whether the above reply could be of help. If yes, you may mark the useful reply as the answer; if not, you are welcome to give feedback.

    Best regards,
    Sylvia
