Compliance policy marks encrypted device noncompliant

MSP Toolkit
Minimal guidance for messy support realities.
Submitted by Anonymous (not verified) on

Scenario

A device is encrypted and functioning, but compliance still reports BitLocker as not compliant.

Recommended Resolution Path

  1. Compare the encryption state reported locally with what Intune and Entra are receiving.
  2. Check whether the wrong drive or protector type is being evaluated.
  3. Force a sync and verify recovery key escrow completed successfully.
  4. If reporting lags repeatedly, document the delay so support can set expectations accurately.

Technician Notes

Document what changed, what confirmed the fix, and whether the issue points to a broader standards gap worth addressing for the client.

Subjects
Endpoints
Device Management