Operational Defect Database

BugZero found this defect 223 days ago.

Microsoft Windows Server | WI680317

BitLocker might incorrectly receive a 65000 error in MDMs

Last update date:

4/26/2024

Affected products:

Windows 11

Windows 10

Windows 10 Enterprise LTSC 2019

Affected releases:

21H2

22H2

23H2

all

Fixed releases:

Description:

Updates History

Published: 2024-04-26T23:02:59.203+00:00
----------------------------------------

Using the FixedDrivesEncryptionType (https://learn.microsoft.com/windows/client-management/mdm/bitlocker-csp#fixeddrivesencryptiontype) or SystemDrivesEncryptionType (https://learn.microsoft.com/windows/client-management/mdm/bitlocker-csp#systemdrivesencryptiontype) policy settings in the BitLocker configuration service provider (CSP) (https://learn.microsoft.com/windows/client-management/mdm/bitlocker-csp) node in mobile device management (MDM) apps might incorrectly show a 65000 error in the "Require Device Encryption" setting for some devices in your environment. Affected environments are those with the “Enforce drive encryption type on operating system drives” or "Enforce drive encryption on fixed drives" policies set to enabled and selecting either "full encryption" or "used space only". Microsoft Intune is affected by this issue but third-party MDMs might also be affected.

Important: This issue is a reporting issue only and does not affect drive encryption or the reporting of other issues on the device, including other BitLocker issues.

Workaround: To mitigate this issue in Microsoft Intune, you can set the “Enforce drive encryption type on operating system drives” or "Enforce drive encryption on fixed drives" policies to not configured.

Resolution: Because this version of Windows 10 is under extended support, and the issue does not affect security or BitLocker functionality, it will not be addressed in a future update. To learn about the scope of updates for this version of Windows 10, see the Product Lifecycle FAQ - Extended Security Updates (https://learn.microsoft.com/lifecycle/faq/extended-security-updates#what-is-the-extended-security-update--esu--program-) (ESU) program. Please note, this issue remains limited to a reporting scenario only and does not affect drive encryption or the reporting of other issues on the device, including other BitLocker issues. BitLocker encryption functionality is expected to work correctly, despite the incorrect display of this error message in this issue.

Affected platforms:
- Client: Windows 11, version 23H2; Windows 11, version 22H2; Windows 10, version 22H2; Windows 11, version 21H2; Windows 10, version 21H2; Windows 10 Enterprise LTSC 2019
- Server: None

Published: 2023-10-31T17:05:21.327+00:00
----------------------------------------

Using the FixedDrivesEncryptionType (https://learn.microsoft.com/windows/client-management/mdm/bitlocker-csp#fixeddrivesencryptiontype) or SystemDrivesEncryptionType (https://learn.microsoft.com/windows/client-management/mdm/bitlocker-csp#systemdrivesencryptiontype) policy settings in the BitLocker configuration service provider (CSP) (https://learn.microsoft.com/windows/client-management/mdm/bitlocker-csp) node in mobile device management (MDM) apps might incorrectly show a 65000 error in the "Require Device Encryption" setting for some devices in your environment. Affected environments are those with the “Enforce drive encryption type on operating system drives” or "Enforce drive encryption on fixed drives" policies set to enabled and selecting either "full encryption" or "used space only". Microsoft Intune is affected by this issue but third-party MDMs might also be affected.

Important: This issue is a reporting issue only and does not affect drive encryption or the reporting of other issues on the device, including other BitLocker issues.

Workaround: To mitigate this issue in Microsoft Intune, you can set the “Enforce drive encryption type on operating system drives” or "Enforce drive encryption on fixed drives" policies to not configured.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Affected platforms:
- Client: Windows 11, version 23H2; Windows 11, version 22H2; Windows 10, version 22H2; Windows 11, version 21H2; Windows 10, version 21H2; Windows 10 Enterprise LTSC 2019
- Server: None

Published: 2023-10-09T22:10:16.457+00:00
----------------------------------------

Using the FixedDrivesEncryptionType (https://learn.microsoft.com/windows/client-management/mdm/bitlocker-csp#fixeddrivesencryptiontype) or SystemDrivesEncryptionType (https://learn.microsoft.com/windows/client-management/mdm/bitlocker-csp#systemdrivesencryptiontype) policy settings in the BitLocker configuration service provider (CSP) (https://learn.microsoft.com/windows/client-management/mdm/bitlocker-csp) node in mobile device management (MDM) apps might incorrectly show a 65000 error in the "Require Device Encryption" setting for some devices in your environment. Affected environments are those with the “Enforce drive encryption type on operating system drives” or "Enforce drive encryption on fixed drives" policies set to enabled and selecting either "full encryption" or "used space only". Microsoft Intune is affected by this issue but third-party MDMs might also be affected.

Important: This issue is a reporting issue only and does not affect drive encryption or the reporting of other issues on the device, including other BitLocker issues.

Workaround: To mitigate this issue in Microsoft Intune, you can set the “Enforce drive encryption type on operating system drives” or "Enforce drive encryption on fixed drives" policies to not configured.

Next steps: We are working on a resolution and will provide an update in an upcoming release.

Affected platforms:
- Client: Windows 11, version 22H2; Windows 10, version 22H2; Windows 11, version 21H2; Windows 10, version 21H2; Windows 10 Enterprise LTSC 2019
- Server: None

Impact

"Requires Device Encryption" might incorrectly report as an error in some managed environments.
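
Because the 65000 status is described above as a reporting issue only, the actual encryption state can be confirmed on the device itself for the two drive classes the policies cover. The following PowerShell is an added example, not part of the Microsoft advisory or of this record; it assumes an elevated session with the built-in Get-Volume and Get-BitLockerVolume cmdlets available, and the function name Get-LocalEncryptionState is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: report the on-device BitLocker state of the operating system
# drive and fixed data drives, independent of what the MDM console displays.

function Get-LocalEncryptionState {
    # Fixed volumes that have a drive letter; removable media are out of scope.
    $mounts = Get-Volume |
        Where-Object { $_.DriveType -eq 'Fixed' -and $_.DriveLetter } |
        ForEach-Object { "$($_.DriveLetter):" }

    foreach ($mount in $mounts) {
        try {
            $blv = Get-BitLockerVolume -MountPoint $mount -ErrorAction Stop
        } catch {
            # A volume that cannot be queried is reported, never silently skipped.
            [pscustomobject]@{
                MountPoint = $mount; VolumeType = 'Unknown'; VolumeStatus = 'QueryFailed'
                ProtectionStatus = 'Unknown'; EncryptionPercentage = $null
                EncryptionMethod = $null; Encrypted = $false
            }
            continue
        }

        # Treat a volume as encrypted only when conversion has finished
        # AND protection is on (suspended protection does not count).
        $encrypted = ("$($blv.VolumeStatus)" -like 'FullyEncrypted*') -and
                     ("$($blv.ProtectionStatus)" -eq 'On')

        [pscustomobject]@{
            MountPoint           = $blv.MountPoint
            VolumeType           = "$($blv.VolumeType)"   # OperatingSystem or Data
            VolumeStatus         = "$($blv.VolumeStatus)"
            ProtectionStatus     = "$($blv.ProtectionStatus)"
            EncryptionPercentage = $blv.EncryptionPercentage
            EncryptionMethod     = "$($blv.EncryptionMethod)"
            Encrypted            = $encrypted
        }
    }
}

$state = @(Get-LocalEncryptionState)
$state | Format-Table -AutoSize

# Non-zero exit code if any fixed volume is not fully encrypted and protected,
# so the check can be consumed by a scheduled task or remediation script.
if ($state.Count -eq 0 -or $state.Encrypted -contains $false) { exit 1 }
```

A device that shows the 65000 status in the MDM console but passes this check matches the reporting-only behaviour the advisory describes; a device that fails it has an encryption gap that needs separate investigation.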

Originating KB URL

N/A

Originating Build

N/A

Resolved KB URL

N/A

Date Resolved

2024-04-26T15:58:19.8292285-07:00


Status

Resolved
