Microsoft has addressed a known issue that caused incorrect BitLocker drive encryption error messages in some managed Windows environments. The problem affected Windows 11 versions 21H2 and 22H2, Windows 10 versions 21H2 and 22H2, and Windows 10 Enterprise LTSC 2019, and it occurred specifically in environments where drive encryption was enforced for operating system and fixed drives. It surfaced through the BitLocker configuration service provider (CSP) node in mobile device management (MDM) apps, which displayed a 65000 error in the ‘Require Device Encryption’ setting for some devices even though the error did not reflect the actual encryption state of the drives.
Update Deployment
Microsoft fixed the issue in the KB5034204 preview update for Windows 11, released on January 23, 2024, and in the KB5034763 cumulative update for Windows 10, released on February 13, 2024. With these updates installed, the BitLocker CSP reports the ‘Require Device Encryption’ state correctly and the false error messages administrators were encountering no longer appear. Microsoft has, however, decided not to issue a fix for Windows 10 Enterprise LTSC 2019, which is currently in extended support. The company justifies this decision by noting that the bug is confined to reporting: it does not affect the actual encryption of drives or the reporting of other device issues.
Mitigation and Ongoing Support
For administrators managing Windows 10 Enterprise LTSC 2019 systems, Microsoft recommends a workaround: set the “Enforce drive encryption on fixed drives” or “Enforce drive encryption type on operating system drives” policy to “Not configured” in Microsoft Intune. Because the 65000 error is a reporting defect, this mitigation only removes the policy condition that triggers the false error; it does not change whether drives are encrypted. Since no fix is planned for LTSC 2019, the workaround remains in place until those systems are migrated to a Windows version that includes the fix. Administrators who need to confirm a device’s real encryption state should check it on the device itself rather than rely on the value the MDM console reports.
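As an added example, not part of the original article or of Microsoft’s guidance, the following PowerShell checks a device’s actual BitLocker state and the MDM-delivered BitLocker policy values locally, so an administrator can confirm that a 65000 shown in the MDM console is indeed only a reporting error. It uses the built-in BitLocker module’s Get-BitLockerVolume cmdlet. The PolicyManager registry path is the location where MDM-delivered policy values are normally written and is an assumption here, as are the value names, which follow the BitLocker CSP node names; verify both on your own devices before relying on them.

```powershell
# Added example (not from the original article): verify real BitLocker state on the
# device instead of trusting the MDM-reported 65000 error.
# Requires the BitLocker PowerShell module (Windows 10/11 Pro, Enterprise, Education)
# and an elevated session.

function Get-LocalBitLockerSummary {
    [CmdletBinding()]
    param()

    # One object per volume; keep the OS volume and fixed data volumes, which are
    # the two volume types the affected encryption-type policies cover.
    Get-BitLockerVolume |
        Where-Object { $_.VolumeType -in @('OperatingSystem', 'Data') } |
        ForEach-Object {
            [pscustomobject]@{
                MountPoint        = $_.MountPoint
                VolumeType        = $_.VolumeType
                ProtectionStatus  = $_.ProtectionStatus      # On / Off / Unknown
                VolumeStatus      = $_.VolumeStatus          # FullyEncrypted, EncryptionInProgress, ...
                EncryptionPercent = $_.EncryptionPercentage
                EncryptionMethod  = $_.EncryptionMethod      # e.g. XtsAes128, XtsAes256
                KeyProtectors     = ($_.KeyProtector.KeyProtectorType -join ', ')
            }
        }
}

function Get-BitLockerMdmPolicyValues {
    [CmdletBinding()]
    param(
        # Assumption: MDM-delivered BitLocker policy lands under this PolicyManager key,
        # with value names mirroring the BitLocker CSP node names.
        [string]$Path = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\BitLocker'
    )

    if (-not (Test-Path $Path)) {
        Write-Warning "No MDM BitLocker policy found at $Path (device may not be MDM-managed)."
        return
    }

    $item = Get-ItemProperty -Path $Path
    # RequireDeviceEncryption is the setting that shows the false 65000; the two
    # *EncryptionType values are the policies the workaround sets to Not configured.
    foreach ($name in 'RequireDeviceEncryption', 'SystemDrivesEncryptionType', 'FixedDrivesEncryptionType') {
        $value = $item.$name
        if ($null -eq $value) { $value = '<not configured>' }
        [pscustomobject]@{ Policy = $name; Value = $value }
    }
}

$summary = Get-LocalBitLockerSummary
$summary | Format-Table -AutoSize

# A volume counts as protected only if protection is on AND encryption has completed.
$unprotected = $summary | Where-Object {
    $_.ProtectionStatus -ne 'On' -or $_.VolumeStatus -ne 'FullyEncrypted'
}
if ($unprotected) {
    Write-Warning "Volumes not fully protected: $($unprotected.MountPoint -join ', ')"
} else {
    Write-Host 'All OS and fixed volumes are fully encrypted with protection on; a 65000 in the MDM console is a reporting error only.'
}

Get-BitLockerMdmPolicyValues | Format-Table -AutoSize
```

Run it in an elevated PowerShell session on the affected device. If every OS and fixed volume reports ProtectionStatus On and VolumeStatus FullyEncrypted, the drives are encrypted regardless of what the MDM console shows; any volume listed in the warning is a genuine gap that the CSP reporting bug does not explain and should be investigated separately.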
Last Updated on November 7, 2024 8:46 pm CET