BitLocker Network-Unlock with Surface Laptop 5?
Posted by UnluckyJelly@reddit | sysadmin | 1 comment
We have been using BitLocker network unlock with Surface Laptop 2s and 4s and Pro 6s and 8s. Devices all have SEMM profiles (locks and controls EFI settings). Now MS is sending us Laptop 5 devices as warranty replacements for LP4s, and BitLocker network unlock no longer works. At boot, the Ethernet port of the Surface Dock 1 or 2 shows no IPv6 DHCP network lock request.
I suspect a firmware bug with LP5s. Anyone here have this working with Laptop 5?
UnluckyJelly@reddit (OP)
3 months after opening a ticket with MS, with back and forth, they finally get on the ball and start testing this internally. We go out and purchase a Laptop 6 for Business and a Surface Pro 10; both these devices also do not work with BitLocker network unlock, in the same environment where our Laptop 4s and Pro 8s are working fine.
MS finally found the issue this week: the new Surface devices after the Laptop 5 have a new feature in the EFI settings called "secure core"; when enabled, BitLocker network unlock will just never work. With secure core = Off, and if your Surface has secure boot enabled, a SEMM profile, and properly configured BitLocker network unlock, it will work.
It seems we are the only firm in the world using BitLocker network unlock with Surface devices in 2024. But if anyone else is having issues trying to get this to work, your solution is to disable "secure core". I will update this thread if MS does make any firmware change in the future to allow network unlock to work in conjunction with secure core.