Operational Defect Database
BugZero found this defect 201 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
Microsoft Windows Server | WI686191
BitLocker might incorrectly receive a 65000 error in MDMs
Last update date:
4/26/2024
Affected products:
Windows 11
Windows 10
Windows 10 Enterprise LTSC 2019
Affected releases:
21H2
22H2
23H2
all
Fixed releases:
Description:
Updates History
Published: 2024-04-26T23:02:05.92+00:00 ---------------------------------------- Using the FixedDrivesEncryptionType (https://learn.microsoft.com/windows/client-management/mdm/bitlocker-csp#fixeddrivesencryptiontype) or SystemDrivesEncryptionType (https://learn.microsoft.com/windows/client-management/mdm/bitlocker-csp#systemdrivesencryptiontype) policy settings in the BitLocker configuration service provider (CSP) (https://learn.microsoft.com/windows/client-management/mdm/bitlocker-csp) node in mobile device management (MDM) apps might incorrectly show a 65000 error in the "Require Device Encryption" setting for some devices in your environment. Affected environments are those with the “Enforce drive encryption type on operating system drives” or "Enforce drive encryption on fixed drives" policies set to enabled and selecting either "full encryption" or "used space only". Microsoft Intune is affected by this issue but third-party MDMs might also pe affected. Important: This issue is a reporting issue only and does not affect drive encryption or the reporting of other issues on the device, including other BitLocker issues. Workaround: To mitigate this issue in Microsoft Intune, you can set the “Enforce drive encryption type on operating system drives” or "Enforce drive encryption on fixed drives" policies to not configured. Resolution: This issue was resolved by Windows updates released January 23, 2024 (KB5034204 (https://support.microsoft.com/help/5034204)), and later. We recommend you install the latest security update for your device. It contains important improvements and issue resolutions, including this one. Affected platforms: - Client: Windows 11, version 23H2; Windows 11, version 22H2; Windows 10, version 22H2; Windows 11, version 21H2; Windows 10, version 21H2; Windows 10 Enterprise LTSC 2019 - Server: None Click here (https://admin.microsoft.com/Adminportal/Home?#/windowsreleasehealth/:/wrhpreferences) to manage email notifications for Windows known issues Published: 2023-10-31T17:02:36.757+00:00 ---------------------------------------- Using the FixedDrivesEncryptionType (https://learn.microsoft.com/windows/client-management/mdm/bitlocker-csp#fixeddrivesencryptiontype) or SystemDrivesEncryptionType (https://learn.microsoft.com/windows/client-management/mdm/bitlocker-csp#systemdrivesencryptiontype) policy settings in the BitLocker configuration service provider (CSP) (https://learn.microsoft.com/windows/client-management/mdm/bitlocker-csp) node in mobile device management (MDM) apps might incorrectly show a 65000 error in the "Require Device Encryption" setting for some devices in your environment. Affected environments are those with the “Enforce drive encryption type on operating system drives” or "Enforce drive encryption on fixed drives" policies set to enabled and selecting either "full encryption" or "used space only". Microsoft Intune is affected by this issue but third-party MDMs might also pe affected. Important: This issue is a reporting issue only and does not affect drive encryption or the reporting of other issues on the device, including other BitLocker issues. Workaround: To mitigate this issue in Microsoft Intune, you can set the “Enforce drive encryption type on operating system drives” or "Enforce drive encryption on fixed drives" policies to not configured. Next steps: We are working on a resolution and will provide an update in an upcoming release. Affected platforms: - Client: Windows 11, version 23H2; Windows 11, version 22H2; Windows 10, version 22H2; Windows 11, version 21H2; Windows 10, version 21H2; Windows 10 Enterprise LTSC 2019 - Server: None
Impact
"Requires Device Encryption" might incorrectly report as an error in some managed environments.
Originating KB URL
N/A
Originating Build
N/A
Resolved KB URL
https://support.microsoft.com/en-us/topic/5034204
Date Resolved
2024-01-23T14:00:00-08:00
