We identified a BitLocker encryption issue impacting Windows 10 and Windows 11 devices managed through Microsoft Intune. During deployment, several endpoints failed to encrypt and displayed BitLocker error messages related to policy enforcement. After detailed troubleshooting, we discovered the problem is isolated to two specific **HP EliteBook models—830 G6 and 830 G5—**while other HP devices successfully complete OS volume encryption without errors. This highlights a compatibility gap between BitLocker policies, Intune management, and hardware models that administrators should be aware of.
The BitLocker encryption was failing on multiple devices, resulting in the following errors.
Error1:
The encryption method of the OS volume doesn’t match the BitLocker policy. To encrypt drives, the BitLocker policy requires either the user to sign in as an Administrator or if the device is joined to Microsoft Entra ID, the AllowStandardUserEncryption policy must be set to 1.
Error2:
The encryption method of the OS volume doesn’t match the BitLocker policy.
The devices were showing the following details:
- Encryption readiness: Not ready, Encryption status: Not encrypted
- Encryption readiness: Ready, Encryption status: Not encrypted
Cause & Solution
Following guidance from Microsoft Support, we enabled specific settings within the BitLocker policy. After applying these changes, Windows 10 and Windows 11 devices managed through Microsoft Intune began encrypting successfully. However, Microsoft could not provide a definitive explanation as to why the issue impacts only two hardware models—the HP EliteBook 830 G6 and HP EliteBook 830 G5—while other HP devices complete OS volume encryption without errors.
BitLocker Base Settings:
- Warning to other disk encryption: Block
- Allow standard users to enable encryption during Microsoft Entra join: Allow
- Configure encryption methods: Enable
Related Posts
- Win32 App Deployment failed with error code 0x80070643
- Win32 App Deployment Failed with Error 0x87D1041C
- Win32 App Deployment failed with error 0x87D300C9
- Win32 App failed with error code 0x80070653
- That account info didn’t work – error when disconnecting Windows 10 / 11 Work or School account
- Intune – Windows 10 MDM- Basic troubleshooting
- Deploying Microsoft 365 Apps Stuck in Downloading in Company Portal
- Windows 10 / 11 Operating System Build Versions
- MDM Enroll: Device Credential, Failed (Unknown Win32 Error code : 0xcaa9001f
- Microsoft Endpoint Manager: Error Code Reference
- Intune Bulk Enrollment with Provisional Package failed Error 0xCAA2000C
- How to Fix Intune Win32 App Deployment Error 0x87D30006
Subscribe to Techuisitive Newsletter
Be the first to know about our new blog posts. Get our newsletters directly in your inbox and stay up to date about Modern Desktop Management technologies & news.