Microsoft Security | Intune | Configuration Manager | Deployment
Deploying software and updates using Configuration Manager
What does it say in BitLocker API event log? Are you able to encrypt manually?
BitLocker Not Auto-Enabling During Deployment via Configuration Manager
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(140.8, 5%, 23%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESK%3C/text%3E%3C/svg%3E)
Suresh Kumar
60
Reputation points
While deploying the BitLocker policy, we are encountering the below error. BitLocker is not being enabled automatically during the process.
We have verified that both TPM and Secure Boot are functioning correctly. However, the following prompt appears:
“BitLocker could not be enabled. The BitLocker encryption key cannot be obtained. Verify that the Trusted Platform Module (TPM) is enabled and ownership has been taken...”
Looking for guidance on why this occurs and how to ensure BitLocker encryption starts automatically through Configuration Manager.
Microsoft Security | Intune | Configuration Manager | Deployment
1 answer
Sort by: Most helpful
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(230.39999999999998, 69%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERJ%3C/text%3E%3C/svg%3E)
Rahul Jindal 11,501 Reputation points2025-12-05T18:34:15.5866667+00:00 -
Suresh Kumar 60 Reputation points
2025-12-05T18:37:10.0566667+00:00 Thanks for your response. Manually it's working. I just wanted to enable bitlocker without touching the client machine.
Sign in to comment -