Issue: This is a common issue when setting up BitLocker through Intune. The error may be displayed when enabling BitLocker with a PowerShell script, or you can find it in the event logs, where it usually has Event ID 851.
To Obtain and Review the BitLocker Log: Run PowerShell as administrator and run these three commands to obtain ComputerName_CollectData_05_31_2024_13_05_UTC_04.ZIP, which will be placed in the C:\Windows\System32 folder; you can change the folder location if desired.
PS C:\Windows\System32> wget https://aka.ms/intunexml -outfile Intune.xml
PS C:\Windows\System32> wget https://aka.ms/intuneps1 -outfile IntuneODCStandAlone.ps1
PS C:\Windows\System32> Powershell -ExecutionPolicy Bypass -File .\IntuneODCStandAlone.ps1
After that, copy ComputerName_CollectData_05_31_2024_13_05_UTC_04.ZIP to a location where you do not need administrator credentials to open the log file, such as C:\Users\%Username%\Desktop. Unzip ComputerName_CollectData_05_31_2024_13_05_UTC_04.ZIP, navigate to C:\Users\%Username%\Desktop\ComputerName_CollectData_05_31_2024_13_05_UTC_04\Intune\EventLogs, find ComputerName_Microsoft-Windows-Bitlocker%4Bitlocker Management.evtx and open it. Check the events with errors to get information about the possible cause of the BitLocker issue.
Full Error Message: Failed to enable Silent Encryption. Bitlocker drive encryption cannot be applied to this drive because there are conflicting group policy settings for recovery options on operating system drives. Storing recovery information to Active Directory Domain Services cannot be required when the generation of recovery passwords is not permitted. Please have your system administrator resolve these policy conflicts before attempting to enable bitlocker.
Solution: The problem is that the FVE (Full Volume Encryption) registry key on the computer contains settings that may conflict with silent encryption. To resolve the issue, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE and delete the FVE key. Then sync the computer with Intune so that the Intune BitLocker policy is applied again.
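
The check and cleanup described above can be scripted so that the conflicting values are recorded and the key is backed up before it is deleted. This is an added example, not part of the original article. It assumes the standard BitLocker policy value names (OSRecoveryPassword, OSRequireActiveDirectoryBackup and related values), which the article does not list, and a backup file path chosen for illustration.

```powershell
# Added example, not from the original article. Run in an elevated PowerShell session.
$fve    = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$backup = Join-Path $env:TEMP 'FVE-policy-backup.reg'   # assumed backup location

# 1. Show the latest Event ID 851 entries from the BitLocker management log.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-BitLocker/BitLocker Management'
    Id      = 851
} -MaxEvents 5 -ErrorAction SilentlyContinue |
    Format-List TimeCreated, Id, Message

if (-not (Test-Path $fve)) {
    Write-Output 'No FVE policy key is present; nothing to remove.'
    return
}

# 2. List the OS-drive recovery values that the error message refers to.
$policy = Get-ItemProperty -Path $fve
$names  = 'OSRecovery', 'OSRecoveryPassword', 'OSRecoveryKey',
          'OSActiveDirectoryBackup', 'OSRequireActiveDirectoryBackup'
foreach ($name in $names) {
    $prop  = $policy.PSObject.Properties[$name]
    $shown = if ($prop) { $prop.Value } else { '(not set)' }
    Write-Output ('{0,-32} {1}' -f $name, $shown)
}

# 3. Flag the exact conflict from the error text: AD DS backup is required (1)
#    while generation of recovery passwords is not permitted (0).
$requireAd = $policy.PSObject.Properties['OSRequireActiveDirectoryBackup']
$recPw     = $policy.PSObject.Properties['OSRecoveryPassword']
if ($requireAd -and $recPw -and $requireAd.Value -eq 1 -and $recPw.Value -eq 0) {
    Write-Warning 'Conflict: OSRequireActiveDirectoryBackup=1 with OSRecoveryPassword=0'
}

# 4. Export the key so the previous policy state can be reviewed or restored.
& reg.exe export 'HKLM\SOFTWARE\Policies\Microsoft\FVE' $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Backup failed; FVE key left in place.' }
Write-Output "Backup written to $backup"

# 5. Delete the FVE key (prompts for confirmation), then sync with Intune.
Remove-Item -Path $fve -Recurse -Confirm
```

If the values were delivered by a domain Group Policy, they are written back at the next policy refresh, so the conflicting GPO setting also has to be corrected at its source.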