Microsoft says BitLocker 65000 error is being incorrectly reported by Intune

Ashwin
Oct 13, 2023

Windows 10 and Windows 11 clients may display a BitLocker 65000 error. Microsoft has acknowledged the issue, and has provided a workaround for the problem.

Admins may run into the error in their mobile device management (MDM) solution, such as the company's own cloud-based endpoint management solution, Microsoft Intune. As Neowin reports, the Redmond company has published some details about the BitLocker 65000 error on the Windows Health Dashboard. It states that affected clients might incorrectly show the error code for the "Require Device Encryption" setting. This problem is not exclusive to Microsoft Intune; the company says that it may also impact other MDMs, though the scope of this remains unclear.

What is causing the 65000 error?

The bug has been narrowed down to the FixedDrivesEncryptionType and SystemDrivesEncryptionType policy settings under the BitLocker configuration service provider (CSP) node, which enterprises use to manage endpoints. The error may show up if either of these policies has been configured. If you have not set up these policies in your environment, the clients will not have the error status.

More specifically, it only happens when the "Enforce drive encryption type on operating system drives" or "Enforce drive encryption on fixed drives" policies are set to enabled, and the security level has been configured for "full encryption" or "used space only".

Microsoft says that the 65000 error code related to BitLocker is only a reporting issue, i.e. it has been confirmed that the bug does not affect the drive's encryption. The issue does not prevent other errors from being reported by MDMs, including any other issues that may be related to BitLocker. So it is more of an annoyance than an actual feature-breaking issue.

The problem has been reported by users over the past couple of weeks, and some of them say that the error was indeed just being displayed incorrectly, while the computers in their environment had been encrypted and were working normally.
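
To confirm on a client that the 65000 status is only a reporting problem, the drive state can be checked locally instead of through the MDM console. The PowerShell below is an added example, not code from Microsoft or from the original article; it uses the built-in `Get-BitLockerVolume` and `Get-Volume` cmdlets, and the function name `Get-DriveEncryptionReport` is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: check locally that the OS drive and fixed data drives are
# BitLocker-protected, independent of the status shown in the MDM console.

function Get-DriveEncryptionReport {
    # Drive letters of fixed (non-removable) volumes, in "C:" form
    $fixed = Get-Volume |
        Where-Object { $_.DriveType -eq 'Fixed' -and $_.DriveLetter } |
        ForEach-Object { "$($_.DriveLetter):" }

    # Keep only BitLocker volumes that sit on fixed drives
    Get-BitLockerVolume |
        Where-Object { $fixed -contains $_.MountPoint } |
        ForEach-Object {
            [pscustomobject]@{
                MountPoint   = $_.MountPoint
                VolumeType   = $_.VolumeType            # OperatingSystem or Data
                VolumeStatus = $_.VolumeStatus
                Percentage   = $_.EncryptionPercentage
                Method       = $_.EncryptionMethod
                Protection   = $_.ProtectionStatus
                Protected    = ($_.ProtectionStatus -eq 'On')
            }
        }
}

$report = @(Get-DriveEncryptionReport)
if ($report.Count -eq 0) {
    Write-Warning 'No fixed volumes were returned by Get-BitLockerVolume.'
    exit 2
}

$report | Format-Table -AutoSize

# Any fixed volume with protection off is a real finding, not a reporting bug
$unprotected = @($report | Where-Object { -not $_.Protected })
if ($unprotected.Count -gt 0) {
    Write-Warning ("Protection is not On for: " + ($unprotected.MountPoint -join ', '))
    exit 1
}

Write-Output 'All fixed volumes report BitLocker protection On.'
exit 0
```

A non-zero exit code means a volume needs attention regardless of what the console shows; an exit code of 0 alongside a 65000 status in the console is consistent with the reporting-only behaviour described above.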

[Image: BitLocker 65000 error code in Microsoft Intune (via Reddit)]

How to fix the BitLocker 65000 error code?

Microsoft has suggested a workaround for the issue. Admins can use Microsoft Intune to set the "Enforce drive encryption type on operating system drives" or "Enforce drive encryption on fixed drives" policies to not configured. While this may not be welcome news for admins, it is worth noting that this does not actually disable encryption on the endpoints. It helps mitigate the problem by removing the incorrect reports while we wait for Microsoft to work on a solution and release a patch to fix the bug. It may take a while for the status to be updated after you have made the changes.

[Image: Microsoft Intune Windows encryption (credit: Microsoft)]

Please refer to the official documentation on Microsoft's support portal to learn more about how to manage the BitLocker policy with Intune.

The BitLocker error impacts the following clients: Windows 11, version 22H2; Windows 10, version 22H2; Windows 11, version 21H2; Windows 10, version 21H2; Windows 10 Enterprise LTSC 2019. Windows Server systems are not affected by the problem.

Microsoft Defender for Endpoint is now capable of stopping human-operated attacks such as ransomware automatically. The company says the enhanced security protocol was added via improvements made to the software's Automatic Attack Disruption.

Publisher: Ghacks Technology News