Troubleshooting automatic BitLocker encryption on a VM
The two most common reasons why BitLocker automatic encryption does not kick in are:
- The BitLocker policy is not configured correctly.
- BitLocker drive encryption cannot start if there is a removable drive in the device.
When you install a test device in your local Hyper-V environment, you need to do it from an ISO. That ISO is mounted on the device and, therefore, is seen as bootable media:
![](https://static.packt-cdn.com/products/9781835468517/graphics/Images/B21988_07_34.png)
Figure 7.34: Bootable media detected
As the screenshot above shows, the cause is not Microsoft Intune but how Windows functions. There is a quick fix: unmount the ISO in Hyper-V, then do an MDM sync or reboot the device, and BitLocker encryption will start.
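The same fix can be scripted. The following is an added example, not code from the book: the first function runs on the Hyper-V host, and the other two run in an elevated session inside the guest. The function names and the VM name `W11-Test` are hypothetical.

```powershell
# Added example. Function names and the VM name 'W11-Test' are hypothetical.

# HOST (elevated, Hyper-V module): eject any ISO still attached to the test VM.
function Dismount-VMInstallMedia {
    param(
        [Parameter(Mandatory)][string]$VMName,
        [switch]$Restart   # reboot the guest instead of waiting for an MDM sync
    )
    # A DVD drive with a non-empty Path still has media in it.
    $mounted = @(Get-VMDvdDrive -VMName $VMName | Where-Object { $_.Path })
    if ($mounted.Count -eq 0) {
        Write-Output "No ISO attached to '$VMName'; review the BitLocker policy instead."
        return
    }
    foreach ($drive in $mounted) {
        Write-Output "Ejecting $($drive.Path) from $($drive.ControllerNumber):$($drive.ControllerLocation)"
        $drive | Set-VMDvdDrive -Path $null   # empties the drive, keeps the virtual device
    }
    if ($Restart) { Restart-VM -Name $VMName -Force }
}

# GUEST (elevated): confirm that the OS volume has started encrypting.
function Get-OsVolumeEncryptionState {
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive
    [pscustomobject]@{
        MountPoint           = $vol.MountPoint
        VolumeStatus         = $vol.VolumeStatus      # e.g. FullyDecrypted, EncryptionInProgress
        ProtectionStatus     = $vol.ProtectionStatus
        EncryptionPercentage = $vol.EncryptionPercentage
        KeyProtectors        = ($vol.KeyProtector.KeyProtectorType -join ', ')
    }
}

# GUEST (elevated): recent errors and warnings from the BitLocker management log.
function Get-RecentBitLockerErrors {
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-BitLocker/BitLocker Management'
        Level   = 2, 3    # 2 = Error, 3 = Warning
    } -MaxEvents 10 -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

# Host:  Dismount-VMInstallMedia -VMName 'W11-Test' -Restart
# Guest: Get-OsVolumeEncryptionState; Get-RecentBitLockerErrors
```

If `VolumeStatus` still reads `FullyDecrypted` after the reboot and no media is attached, the remaining cause from the list above is the BitLocker policy configuration.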