Q: Bitlocker Auto policy is deployed to a device but the encryption is not turning on automatically. Why?
Swif's Bitlocker policy works in these steps:
Checks are conducted in 5 - 10 minutes.
After a check, any problematic situation is identified (such as not being fully encrypted).
Then the Bitlocker Decryption process begins.
After that, the Encryption process for Full Encryption is initiated.
2 things to notice:
Turning off encryption and turning on encryption are time-consuming operations, depending on the device's storage.
It does not require a reboot.
If you want to monitor the Decryption and Encryption statuses, open a PowerShell window via "Run as Administrator" and execute the following command. During the Decryption process, you will see the 'Percentage Encrypted' value decrease, and it will increase during the Encryption process.
manage-bde.exe -status
Q: The escrow key is in Swif, but for some reason it still says unencrypted.
The encryption status is updated by the Swif agent so it will have some delay.
Q: The device can't use a Trusted Platform Module.
For Windows Pro+ devices without TPM,
Swif auto-generate the required password when enabling Bitlocker
The password will be available at the Swif Desktop app or Employee portal view
Whenever Windows reboots, it will ask for that password
For more details, please visit BitLocker Drive Encryption Support for Windows Devices.