You can't use dynamic disks or Remote Desktop.
BitLocker does not support dynamic disks. The endpoints send an event to Sophos Central to notify you that encryption failed. This is because a system volume on a dynamic disk cannot be encrypted. Data volumes on dynamic disks are simply ignored.
When using a Windows endpoint through Remote Desktop that has the Sophos Central agent software installed, no dialogs are displayed and device encryption will NOT be enforced if an encryption policy is deployed. Enabling encryption would result in a reboot sequence to verify compatibility of the hardware. The user needs to be able to enter PIN / passphrase in the pre-boot environment and this cannot be done through Remote Desktop.