BitLocker is a disk encryption feature designed to safeguard data stored on your device. However, some users are seeing BitLocker Error 65000. This error occurs in mobile device management (MDM) environments when BitLocker configuration service provider (CSP) policy settings such as FixedDrivesEncryptionType and SystemDrivesEncryptionType are used.
Even if the BitLocker drive is already encrypted, the Intune status may show error 65000 for Require encryption, and the Event Log may display the following message:
BitLocker CSP: GetDeviceEncryptionComplianceStatus indicates OSV is not compliant with returned status 0x10000
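To check whether a 65000 report reflects the real state of the drives, the following added example (not part of the original article) compares what BitLocker reports for each volume with the CSP message quoted above. It assumes an elevated PowerShell session with the BitLocker module available; it searches every event log whose name contains "BitLocker", and the 500-event window is an arbitrary choice.

```powershell
#Requires -RunAsAdministrator
# Added example: does the 65000 / 0x10000 report match the actual drive state?

# 1. Actual encryption state of every volume BitLocker knows about.
$volumes = Get-BitLockerVolume | ForEach-Object {
    [pscustomobject]@{
        MountPoint = $_.MountPoint
        VolumeType = $_.VolumeType.ToString()     # OperatingSystem or Data
        Status     = $_.VolumeStatus.ToString()   # e.g. FullyEncrypted
        Percent    = $_.EncryptionPercentage
        Method     = $_.EncryptionMethod
        Protection = $_.ProtectionStatus.ToString()
        # Treated as encrypted only when conversion is finished AND protection is on.
        Encrypted  = ($_.VolumeStatus -eq 'FullyEncrypted' -and
                      $_.ProtectionStatus -eq 'On')
    }
}
$volumes | Format-Table -AutoSize

# 2. Search the BitLocker event logs for the CSP compliance message.
#    Assumption: the message lives in a log whose name contains "BitLocker".
$events = Get-WinEvent -ListLog '*BitLocker*' -ErrorAction SilentlyContinue |
    Where-Object { $_.RecordCount -gt 0 } |
    ForEach-Object {
        Get-WinEvent -LogName $_.LogName -MaxEvents 500 -ErrorAction SilentlyContinue
    } |
    Where-Object { $_.Message -match 'GetDeviceEncryptionComplianceStatus' } |
    Sort-Object TimeCreated -Descending

$events | Select-Object -First 5 -Property TimeCreated, Id, LogName, Message |
    Format-List

# 3. Compare the two views of the operating system volume.
$os      = $volumes | Where-Object { $_.VolumeType -eq 'OperatingSystem' }
$flagged = $events  | Where-Object {
    $_.Message -match 'not compliant' -and $_.Message -match '0x10000'
}

if (-not $os) {
    'No operating system volume returned by Get-BitLockerVolume.'
} elseif (($os.Encrypted -notcontains $false) -and $flagged) {
    'OS volume is encrypted and protected, yet the CSP logged 0x10000: consistent with the reporting issue.'
} elseif ($os.Encrypted -contains $false) {
    'OS volume is not fully encrypted or protection is off: resolve that before treating 65000 as a false report.'
} else {
    'OS volume is encrypted and no matching CSP event was found in the last 500 events per log.'
}
```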
Fix BitLocker Error 65000, Require Device Encryption in Windows 11/10
To fix BitLocker Error 65000, Require Device Encryption on Windows 11/10 systems, follow these suggestions:
- Check for Updates
- Check the Disk Health
- Set the Enforce drive encryption type on operating system drives and the Enforce drive encryption on fixed drives policies to Not Configured
- Disable and Re-Enable BitLocker
- Repair BitLocker with PowerShell
Now, let’s see these in detail.
1] Check for Updates
Microsoft is aware of this issue where BitLocker might incorrectly receive a 65000 error in MDMs, and they are expected to release a fix shortly.
Affected environments are those with the “Enforce drive encryption type on operating system drives” or “Enforce drive encryption on fixed drives” policies set to enabled, with either “full encryption” or “used space only” selected. Microsoft Intune is affected by this issue, but third-party MDMs might also be affected.
So make sure you check for Updates first and install any patches that may be offered to your system.
2] Check the Disk Health
Check your disk health by running a CHKDSK scan. CHKDSK is a Windows utility that scans and repairs system errors. It also checks whether any part of the hard drive is corrupted, which may cause the BitLocker error 65000. Here is how you can run a CHKDSK scan:
- Click on Start, search for Command Prompt, and click on Run as Administrator.
- Type the following command and press Enter.
CHKDSK C: /f /r /x
- The command won’t start running immediately because your device’s system drive is in use. Instead, it asks whether to schedule the scan for the next time you restart your PC.
- Type Y, press Enter, and then reboot Windows.
- The CHKDSK command will now start running. Wait for the procedure to complete.
- Then power on your device and check if the error is resolved.
3] Set the Enforce drive encryption type on operating system drives and the Enforce drive encryption on fixed drives policies to Not Configured
Both these policies allow configuring the encryption type used by BitLocker Drive Encryption on system and fixed drives. As a workaround, you may disable these two policies. It will have no effect if your drive is already encrypted. Here’s how:
Press Windows + R to open Run, type gpedit.msc, and hit Enter.
In the Group Policy Editor, navigate to the following path:
Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives
In the right pane, double-click on the Enforce drive encryption type on operating system drives policy and select Not Configured.
Once done, click OK to save the changes.
Next, navigate to this path:
Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Fixed Data Drives
In the right pane, double-click on the Enforce drive encryption on fixed data drives policy and select Not Configured.
Click on OK to save the changes once done.
Restart your device once done and see if it helps.
4] Disable and Re-Enable BitLocker
Next, try disabling and re-enabling BitLocker. Sometimes, simply doing so can help fix the BitLocker error 65000.
5] Repair BitLocker with PowerShell
If none of these suggestions helped you, consider repairing BitLocker. Here’s how:
- Click on Start, search PowerShell, and click on Run as Administrator.
- Type the following command and hit Enter. Make sure to replace Drive with your drive letter.
Repair-BitLocker -MountPoint "Drive"
- Restart your system once done and see if it fixes the BitLocker error 65000.
I hope these suggestions help you.
Which version of Windows does not support BitLocker for full disk encryption?
BitLocker is Microsoft’s full disk encryption feature. The only edition that does not support BitLocker for full disk encryption is the Windows 11/10 Home Edition.
Why can’t I use BitLocker?
If you cannot use BitLocker, check if your device meets the minimum requirements for BitLocker. These include a TPM 1.2 or later version and a TCG-compliant BIOS or UEFI firmware. Also, check for any Group Policy restrictions and drive configuration.