Non-compliance codes

Applies to: Configuration Manager (current branch)

WMI on the client provides the following non-compliance codes. It also describes the reasons why a particular device reports as non-compliant.

There are various methods to view WMI. For example, use the following PowerShell command:

(Get-WmiObject -Class mbam_Volume -Namespace root\microsoft\mbam).ReasonsForNoncompliance

Tip

If the device is compliant, this command doesn't return anything.

You can also check the Compliant attribute of this class, which is 1 if the device is compliant.

Non-compliance code	Reason for non-compliance
0	Cipher strength not AES 256.
1	BitLocker policy requires this volume to be encrypted, but it isn't.
2	BitLocker policy requires this volume to not be encrypted, but it is.
3	BitLocker policy requires this volume use a TPM protector, but it doesn't.
4	BitLocker policy requires this volume use a TPM+PIN protector, but it doesn't.
5	BitLocker policy doesn't allow non-TPM machines to report as compliant.
6	Volume has a TPM protector, but the TPM isn't visible.
7	BitLocker policy requires this volume use a password protector, but it doesn't have one.
8	BitLocker policy requires this volume not use a password protector, but it has one.
9	BitLocker policy requires this volume use an auto-unlock protector, but it doesn't have one.
10	BitLocker policy requires this volume not use an auto-unlock protector, but it has one.
11	BitLocker detects a policy conflict, which prevents it from reporting this volume as compliant.
12	A system volume is needed to encrypt the OS volume, but it isn't present.
13	Protection is suspended for the volume.
14	Auto-unlock protector is unsafe unless the OS volume is encrypted.
15	Policy requires minimum cypher strength is XTS-AES-128 bit, actual cypher strength is weaker.
16	Policy requires minimum cypher strength is XTS-AES-256 bit, actual cypher strength is weaker.

Feedback

Was this page helpful?