I encountered this error in our own cloud-based endpoint management solution, Microsoft Intune. It is indeed quite annoying. How can this error be resolved to prevent it from recurring?
Microsoft says this 65000 BitLocker error is being incorrectly reported by Intune, and it won’t affect the normal operation of BitLocker encryption.
Last October, Microsoft confirmed that this issue affects all Windows client versions, including Windows 11 22H2/21H2, Windows 10 22H2/21H2, and Enterprise LTSC 2019. The issue relates to encryption reporting by the BitLocker Configuration Service Provider (CSP), which enterprises usually use to manage BitLocker encryption for PCs.
The bug may be related to the FixedDrivesEncryptionType and SystemDrivesEncryptionType policy settings. If you have configured either of these, it could lead to this error state.
Microsoft has officially declared that the 65000 BitLocker encryption error has been resolved through the Windows update released on January 23, 2024 (KB5034203) and later versions. If your Windows version is lower than this, update Windows to fix it.
Steps: Start -> Settings -> Update & Security -> Windows Update -> Check for updates
If you do not want to trigger the BitLocker recovery screen after the Windows update, remember to suspend BitLocker before updating.
To resolve the BitLocker drive encryption error with code 65000, you can disable the policies that specify the encryption types for the operating system and fixed drives. Steps are as follows:
Step 1: Press Windows + R to open the Run dialog. Type "gpedit.msc" and press Enter.
Step 2: Set "SystemDrivesEncryptionType" to Not Configured:
In the Group Policy Editor, navigate to:
Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives
Double-click "Enforce drive encryption type for operating system drives", then select "Not Configured". Click Apply to save settings.
Step 3: Set "FixedDrivesEncryptionType" to Not Configured:
In the Group Policy Editor, navigate to:
Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Fixed Data Drives
Double-click "Enforce drive encryption type for fixed data drives", then select "Not Configured". Click Apply, and then restart your device to check if the issue is resolved.
Note: This will not affect drives that are already encrypted.
This error may occur when the "Enforce drive encryption type on operating system drives" or "Enforce drive encryption on fixed drives" policies in Microsoft Intune are set to enabled, and the security level has been configured for "full encryption" or "used space only".
Configuring the Intune BitLocker policy is also a feasible way to resolve this error:
Follow the Microsoft official documentation to use Microsoft Intune to set the "Enforce drive encryption type on operating system drives" or "Enforce drive encryption on fixed drives" policies to not configured.
Note: The effect of this operation is similar to the method described above, and this won’t actually disable encryption on the endpoints.
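A read-only check for the points above, as an added example that is not from the original page or from Microsoft: it lists whether the two encryption-type settings are configured through Group Policy or MDM, shows each volume's actual BitLocker state, and looks for KB5034203. The registry paths and value names are assumptions about where Windows stores these settings; run it from an elevated PowerShell prompt.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original page). Nothing here changes policy or encryption.
# ASSUMPTION: the registry locations and value names below are where Windows
# stores the Group Policy and MDM (Intune) copies of the two settings.
$sources = @(
    @{ Source = 'Group Policy'
       Path   = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
       Names  = 'OSEncryptionType', 'FDVEncryptionType' },
    @{ Source = 'MDM (Intune)'
       Path   = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\BitLocker'
       Names  = 'SystemDrivesEncryptionType', 'FixedDrivesEncryptionType' }
)

# One row per setting and source; a missing key or value counts as Not Configured.
$policy = foreach ($s in $sources) {
    $key = Get-ItemProperty -Path $s.Path -ErrorAction SilentlyContinue
    foreach ($name in $s.Names) {
        $value = if ($key) { $key.$name } else { $null }
        [pscustomobject]@{
            Source  = $s.Source
            Setting = $name
            State   = if ($null -eq $value) { 'Not Configured' } else { 'Configured' }
            Value   = $value
        }
    }
}
$policy | Format-Table -AutoSize

# Actual encryption state: compare before and after the policy change to confirm
# that already-encrypted volumes are left as they were.
Get-BitLockerVolume |
    Select-Object MountPoint, VolumeType, VolumeStatus, EncryptionMethod, ProtectionStatus |
    Format-Table -AutoSize

# Is KB5034203 itself installed? Later cumulative updates replace it, so also
# show the most recently installed update and its date for comparison.
Get-HotFix -Id 'KB5034203' -ErrorAction SilentlyContinue
Get-HotFix | Sort-Object InstalledOn -Descending |
    Select-Object -First 1 HotFixID, InstalledOn

# Before installing the update: suspend protection on the OS volume for one
# reboot, so the update does not land on the recovery screen. Uncomment to run.
# Suspend-BitLocker -MountPoint $env:SystemDrive -RebootCount 1
```

Any row reported as Configured identifies which channel (Group Policy or Intune) still delivers the setting and therefore where it needs to be set back to Not Configured.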
There are many possible reasons for this error. Before you start, type "Manage BitLocker" in the search box to check whether you can access the BitLocker Drive Encryption panel.
BitLocker encryption requires the drive to be unlocked before accessing any data stored on it. The primary reason you can't open software on a BitLocker-encrypted drive is that the drive hasn't been unlocked yet.
Many people have encountered the same issue as you. Reinstalling the system will trigger BitLocker and bring up the BitLocker recovery blue screen.
First, you need to assign a drive letter to each disk and USB flash drive to identify the different BitLocker-encrypted drives.