Windows 10/11: Bitlocker Error 65000 in MDM fixed

Windows[German]Since October 2023 there has been a known issue with Bitlocker under Windows 10 and Windows 11, which can lead to problems with administration using MDMs. An error 65000 was then reported by Bitlocker. The problem was then fixed with preview updates in January 2024. But Microsoft did not make the information public until April 26, 2024.


Advertising

Bitlocker error 65000 for MDM devices

Since October 2023, Microsoft has been aware of the possibility of problems with Bitlocker encryption in environments managed via mobile device management (MDM) solutions such as Intune or by third-party providers. An April 26, 2024 entry titled BitLocker might incorrectly receive a 65000 error in MDM in the Windows Health Status section states that when using the FixedDrivesEncryptionType or SystemDrivesEncryptionType policy settings in the BitLocker Configuration Service Provider (CSP) node in Mobile Device Management (MDM) apps, some devices in the managed environment might incorrectly receive a 65000 error in the "Device encryption required" setting.

Affected are environments, in which the policies "Enforce drive encryption type on OS drives" or "Enforce drive encryption on fixed drives" are enabled and either "full encryption" or "disk space only" is selected. Microsoft Intune is affected, but Microsoft also says that third-party MDMs may also be affected. In the Known Issues entry, Microsoft writes that only Windows clients of the following Windows versions are affected by this bug.

  • Windows 11 Version 21H2, 22H2 – 23H2
  • Windows 10, Version 21H2 – 22H2
  • Windows 10 Enterprise LTSC 2019

Microsoft emphasizes that this was solely a reporting issue that does not affect drive encryption or the reporting of other issues on the device, including other BitLocker issues. To mitigate this issue in Microsoft Intune, administrators can set the policies "Enforce drive encryption type on operating system drives" or "Enforce drive encryption on fixed drives" to not configured.

Fix already in January 2024

Microsoft says in the article BitLocker might incorrectly receive a 65000 error in MDM,  that this problem was fixed by Windows updates released on January 23, 2024 (e.g. KB5034204 for Windows 11 23H2) and later. Bitlocker is mentioned in the list of fixed issues (see Windows 11 23H2/22H2: Preview Update KB5034204 (January 23, 2024), for example, the cumulative update KB5034765 for Windows 11 22H2 – 23H2 was released, which also contained the fix. I read the information from the colleagues at Bleeping Computer that the fix will not be ported back for Windows 10 Enterprise LTSC 2019, which is in Extended Support (it is only a reporting problem).

Similar articles:
Patchday: Windows 10 Updates (February 13, 2024)
Patchday: Windows 11/Server 2022 Updates (February 13, 2024)


Advertising


Cookies helps to fund this blog: Cookie settings
Advertising


This entry was posted in issue, Windows and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *