Monitoring Endpoint Encryption and Percentage of Drives with Encryption Enabled Using Intune (Device Encryption Status)

Question

Hello,

I'm seeking guidance on monitoring endpoint encryption status for devices managed through Microsoft Intune. Specifically, I want to determine the percentage of endpoints that have encryption enabled on their drives, such as BitLocker full disk encryption.

Is there a method, PowerShell script, command, API, Intune policy, or any other approach available that can help me collect this data? I'd greatly appreciate it if someone could provide an example of how to use these methods effectively to monitor endpoint encryption compliance within an Intune-managed environment.

Example:

For instance, if 89% of endpoints have BitLocker enabled, how can I verify this and ensure compliance?

Your expertise and assistance in achieving this are greatly appreciated.

Thank you for your help.

Best regards,

Swahela Mulla

Answer 1

@Swahela Mulla,Thanks for posting in Q&A.

From your description, I know that you are looking for a method to monitor the percentage of endpoints that have encryption enabled.

Based on my testing, I found that you can check it in Intune. Location: Microsoft Intune admin center > Devices > Monitor > Encryption report.

In the page, you can see how many devices have enabled BitLocker. Also, you can export the report and the format of this report is excel. Then you can convert data in excel into percentage format through some operations.

Hope this can be helpful.

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.