A friend in the community asked if I had see the following error before in Intune. The dreaded -2016281112 (Remediation failed) error for BitLocker encryption.

IMG_20200229_091643.jpg

It’s pretty generic, but I asked him to take a look at the BitLocker event logs and dig further. Off he went and he kept digging and scratching for a while.

Eventually, he came back and told me that the devices supplied to them were already encrypted with the XTS-AES 128-bit  algorithm and the policy set in Intune for Windows Encryption had been configured for XTS-AES 256-bit. Unfortunately, you can’t just switch algorithm, the devices need to be decrypted and then set to 256 for encryption.

Rather than do this, they accepted the default and set the Configure encryption methods setting to Not Configured.

Screenshot_20200229_092953_com.android.chrome_2.jpg