A recent Microsoft Support knowledgebase article and servicing stack update for Windows operating systems offers a fix for a race condition issue introduced by a secure boot feature update, which caused patching to trigger a BitLocker recovery password. When you patch, BitLocker is normally silent and doesn’t interfere in the patching process. It reminded me that we often forget which devices have BitLocker.

BitLocker is designed to be silent, so much so that you might forget which machines have it enabled and which ones do not. Microsoft recently announced that it will add advanced management tools to track and manage BitLocker in the coming months to SCCM and Intune. In the meantime, what can you do to inventory your network to determine which devices have BitLocker? Plenty.

Using PowerShell to find BitLocker-enabled devices

The manage-bde -status c: command indicates whether BitLocker is enabled on the device. If the device does not have BitLocker, it will indicate the drive is fully decrypted. If you need to determine if BitLocker is enabled remotely, add the name of the computer to the command: manage-bde -status -computername **computername**

Finding multiple BitLocker-enabled devices

What if you want to review more than one computer at a time? Use Azure AD or Intune to review the status. For devices registered with Intune, use the Intune Encryption report to determine the status. Sign in to the Intune portal and go to “Device Configuration”, and then under “Monitor” select “Encryption report”.
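For machines that are not yet in Intune, the manage-bde -status -computername command described above can be looped over a list of hosts and its text output turned into a small inventory. This is an added example, not code from the original article. The host names are hypothetical, the parser assumes English-language manage-bde output, and the loop assumes an elevated prompt with remote access to each machine.

```powershell
# Parse the text printed by "manage-bde -status" into one object per computer.
function ConvertFrom-ManageBdeStatus {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [string[]]$StatusText
    )
    $fields = @{}
    foreach ($line in $StatusText) {
        # Status lines look like "    Conversion Status:    Fully Decrypted"
        if ($line -match '^\s+([^:]+):\s+(.+?)\s*$') {
            $fields[$Matches[1].Trim()] = $Matches[2]
        }
    }
    [pscustomobject]@{
        ComputerName     = $ComputerName
        ConversionStatus = $fields['Conversion Status']
        ProtectionStatus = $fields['Protection Status']
        # Anything other than "Protection On" (off, suspended, no data) needs follow-up
        Protected        = ($fields['Protection Status'] -eq 'Protection On')
    }
}

# Constructed sample output, so the parser can be tried without a remote host
$sample = @'
Volume C: [Windows]
[OS Volume]

    Size:                 237.87 GB
    Conversion Status:    Fully Decrypted
    Percentage Encrypted: 0.0%
    Protection Status:    Protection Off
'@ -split "`r?`n"
ConvertFrom-ManageBdeStatus -ComputerName 'SAMPLE-PC' -StatusText $sample

# Hypothetical host names; replace with your own list of computers
$computers = 'PC-001', 'PC-002'
$report = foreach ($name in $computers) {
    $out = & manage-bde.exe -status C: -computername $name 2>&1
    if ($LASTEXITCODE -ne 0) {
        # Unreachable host or access denied: record it instead of dropping it
        [pscustomobject]@{ ComputerName = $name; ConversionStatus = 'Query failed'
                           ProtectionStatus = $null; Protected = $false }
    } else {
        ConvertFrom-ManageBdeStatus -ComputerName $name -StatusText ($out | ForEach-Object { "$_" })
    }
}
# Unprotected and unreachable machines sort to the top of the table
$report | Sort-Object Protected | Format-Table -AutoSize
```

A machine that reports "Fully Decrypted" or fails the query shows Protected as False, which gives a short list to check by hand.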