Connect
Ask Community
Ask the community
Ask Community
  • Home
  • Windows
  • What to do with the Encrypted but Unprotected Status?

What to do with the Encrypted but Unprotected Status?Solved

Profile photo of zariah
zariah
Participant
Discussion
Hexnode UEM
3 days ago Mar 03, 2026

Hi everyone! We have two Windows devices showing the BitLocker status in the Hexnode portal as Encrypted but unprotected.” I found this article: “Protect Verification Key for BitLocker Encryption” suggesting we might need to modify our Windows policy to address this issue.

However, we’re worried that changing the policy might mess with our other devices that are already showing as “Encrypted.” We also can’t figure out why only these two machines are acting up while the rest are fine. 

Does anyone have advice on how to fix this without impacting the whole fleet? 

topic view count 21 Views

Tags

Compliance (47) Windows (328)
Reply

Replies (6)

Marked SolutionPending Review
Profile photo of douglas Veteran image
douglas
Participant
3 days ago Mar 03, 2026
Marked SolutionPending Review

@zariah , Did you verify whether the devices are encrypted from the settings?

Marked SolutionPending Review
Profile photo of zariah Veteran image
zariah
Participant
3 days ago Mar 03, 2026
Marked SolutionPending Review

@douglas , How do I do that? Is it from the device end or is there any way to check it in the Hexnode portal?

Marked SolutionPending Review
Profile photo of douglas Veteran image
douglas
Participant
3 days ago Mar 03, 2026
Marked SolutionPending Review

@zariah , You need to check at the device end.  On the affected devices, navigate to Settings > Privacy & security > Device encryption (or System > About on older versions). Check if the Device encryption toggle is set to On.

Marked SolutionPending Review
Profile photo of zariah Veteran image
zariah
Participant
3 days ago Mar 03, 2026
Marked SolutionPending Review

@douglas , the device encryption is toggled on, no problem, but the status in the portal is still unprotected.

Marked SolutionPending Review
Profile photo of elle_reed Hexnode Expert image
elle_reed
Hexnode Expert
3 days ago Mar 03, 2026
Marked SolutionPending Review

Hello @zariah , If you found that the encryption is already enabled in the device settings, please follow these steps to resolve the “unprotected” status:

  1. On the devices: Manually disable the “Encryption” setting.
  2. In the Hexnode portal: Re-associate the Windows policy with the devices to trigger a fresh handshake. You can find various methods to do this here: How to associate policy.

This force-applies the BitLocker policy. Once done, check the device status again in the Hexnode UEM portal to see if it is encrypted and protected as expected.

Regards,
Elle Reed,
Hexnode UEM.

Marked SolutionPending Review
Profile photo of zariah Veteran image
zariah
Participant
3 days ago Mar 03, 2026
Marked SolutionPending Review

@elle_reed , now the status is encrypted. Shows the same at the device end too. Thanks!

Load more
Save
Related Topics

Leaderboard

Profile photo of bram Pro image
bram
2150 pts
Profile photo of timo-liam Veteran image
timo-liam
1520 pts
Profile photo of eliiza Novice image
eliza
1372 pts
Profile photo of leo_scott Novice image
leo_scott
1347 pts
Profile photo of finn Veteran image
finn
1335 pts
View all

Popular Tags

ABM (53)
Android (472)
iOS (362)
macOS (480)
Windows (328)
Apple TV (33)
App Management (360)
Enrollment (107)
Location (30)
Kiosk (223)
Scripts (89)
ADE (49)
OS Updates (78)
Android Enterprise (143)
View all