Hey guys, I set up a Bitlocker policy as follows:
On my device details it says:
But It never got activated. If I check manage-bde -status, its not encrypted.
Windows 11
Standard User
Thanks for your help
157 Views
Replies (1)
Marked SolutionPending Review
Hexnode Expert
4 weeks ago
Marked SolutionPending Review
Hello,
Thank you for reaching out.
I understand your concern regarding the OS drive not being BitLocker-encrypted, even after associating the policy via Hexnode to a Windows 11 device. Just to confirm, I hope BitLocker was enabled on the device, either through the Force BitLocker Encryption remote action or manually from the device. Because the configured settings will only take effect once encryption is enabled.
Having said that, the encryption status message: “The encryption method of the OS volume doesn’t match the BitLocker policy.” typically indicates that the OS drive was previously encrypted using a method different from the one specified in the policy (in this case, XTS-AES 256), possibly through manual configuration on the device.
To resolve this, please decrypt the drive manually and then reapply the BitLocker policy. While reconfiguring the BitLocker policy on Hexnode console, uncheck the option Configure encryption method under OS Drive Settings > Configure BitLocker OS drive policy.
This will resolve any potential encryption method conflicts and enable BitLocker encryption without any issues.
For more detailed guidance, please refer to the following help documentation:
- How to manage BitLocker?
- Troubleshoot Common Issues with BitLocker
- How to force BitLocker encryption on Windows with Hexnode UEM?
- How to force BitLocker decryption on drives?
- Rotate BitLocker Recovery Password for Drives
We hope this helps resolve the issue. Please feel free to reach out if you need further assistance, we’re happy to help!
Best regards,
George
Hexnode UEM
Save
