Microsoft says BitLocker 65000 error is being incorrectly reported by Intune
Windows 10 and Windows 11 clients may display a BitLocker 65000 error. Microsoft has acknowledged the issue, and has provided a workaround for the problem.
Admins may run into the error in their mobile device management (MDM) tool, such as the company's own cloud-based endpoint management solution, Microsoft Intune. As Neowin reports, the Redmond company has published some details about the BitLocker 65000 error on the Windows Health Dashboard. It states that affected clients might incorrectly show the error code for the "Require Device Encryption" setting. This problem is not exclusive to Microsoft Intune; the company says that it may also impact other MDMs, though the scope of this remains unclear.
What is causing the 65000 error?
The bug has been narrowed down to the FixedDrivesEncryptionType and SystemDrivesEncryptionType policy settings under the BitLocker configuration service provider (CSP) node, which enterprises use to manage endpoints. The error may show up if either of these policies has been configured. If you have not set these policies in your environment, the clients will not have the error status.
More specifically, it only happens when the "Enforce drive encryption type on operating system drives" or "Enforce drive encryption on fixed drives" policies are set to enabled, and the security level has been configured for "full encryption" or "used space only".
Microsoft says that the 65000 error code related to BitLocker is only a reporting issue, i.e. it has been confirmed that the bug does not affect the drive's encryption. The issue does not prevent other errors from being reported by MDMs, including any other issues that may be related to BitLocker. So it is more of an annoyance than an actual feature-breaking issue.
The problem has been reported by users over the past couple of weeks, and some of them say that the error was indeed just being displayed incorrectly, while the computers in their environment had been encrypted and were working normally.
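Because the 65000 status is described as a reporting fault only, the actual encryption state can be confirmed directly on an affected client. The following PowerShell is an added example, not code from Microsoft or from this article; it uses the built-in Get-BitLockerVolume and Get-Volume cmdlets, and the function name Test-DriveEncryption and its pass criteria (protection on, conversion at 100%) are assumptions.

```powershell
# Added example: run in an elevated PowerShell session on the endpoint.
# Assumption: a volume counts as encrypted when BitLocker protection is On
# and the conversion has reached 100%.
#Requires -RunAsAdministrator

function Test-DriveEncryption {
    # Collect fixed (non-removable) volumes that have a drive letter,
    # keyed the same way Get-BitLockerVolume reports MountPoint ("C:").
    $fixed = @{}
    Get-Volume |
        Where-Object { $_.DriveType -eq 'Fixed' -and $_.DriveLetter } |
        ForEach-Object { $fixed["$($_.DriveLetter):"] = $true }

    foreach ($vol in Get-BitLockerVolume) {
        $isOs = $vol.VolumeType -eq 'OperatingSystem'

        # The two policies in question cover OS drives and fixed data drives,
        # so skip removable media and volumes without a drive letter.
        if (-not $isOs -and -not $fixed.ContainsKey($vol.MountPoint)) { continue }

        $encrypted = ($vol.ProtectionStatus -eq 'On') -and
                     ($vol.EncryptionPercentage -eq 100)

        [pscustomobject]@{
            MountPoint   = $vol.MountPoint
            Role         = if ($isOs) { 'OperatingSystem' } else { 'FixedData' }
            VolumeStatus = $vol.VolumeStatus
            Protection   = $vol.ProtectionStatus
            Percent      = $vol.EncryptionPercentage
            Method       = $vol.EncryptionMethod
            Encrypted    = $encrypted
        }
    }
}

$report = Test-DriveEncryption
$report | Format-Table -AutoSize

# Flag anything that is genuinely unencrypted, as opposed to misreported.
$report | Where-Object { -not $_.Encrypted } | ForEach-Object {
    Write-Warning "$($_.MountPoint) is not fully protected: $($_.VolumeStatus), protection $($_.Protection)"
}
```

A client that shows the 65000 status in the MDM console but produces no warnings here matches the reporting-only behaviour described above.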
How to fix the BitLocker 65000 error code?
Microsoft has suggested a workaround for the issue. Admins can use Microsoft Intune to set the "Enforce drive encryption type on operating system drives" or "Enforce drive encryption on fixed drives" policies to not configured. While this may not be welcome news for admins, it is worth noting that this does not actually disable encryption on the endpoints. It will help mitigate the problem by removing the incorrect reports while we wait for Microsoft to work on a solution and release a patch to fix the bug. It may take a while for the status to be updated after you have made the changes.
Please refer to the official documentation on Microsoft's support portal to learn more about how to manage the BitLocker policy with Intune.
The BitLocker error impacts the following clients: Windows 11, version 22H2; Windows 10, version 22H2; Windows 11, version 21H2; Windows 10, version 21H2; Windows 10 Enterprise LTSC 2019. Windows Server systems are not affected by the problem.