I think you are talking about a custom compliance policy you have built.
https://learn.microsoft.com/en-us/mem/intune/protect/compliance-custom-script
You can try something like this for checking for pin.
CustomCompliance.ps1
# Get-BitlockerTPMPinStatus Function
function Get-BitlockerTPMPinStatus() {
if ($(Get-BitLockerVolume -MountPoint $env:SystemDrive).KeyProtector.KeyProtectorType -contains 'TpmPin' -eq $true) {
Write-Output -InputObject "TPMPINSET"
}
elseif(($(Get-BitLockerVolume -MountPoint $env:SystemDrive).KeyProtector.KeyProtectorType -contains 'TpmPin' -eq $false)) {
Write-Output -InputObject "TPMPINNOTSET"
}else {
Write-Output -InputObject $LASTEXITCODE
}
}
# Return Bitlocker TPM Pin status to Intune in JSON format
$BitlockerPinStatus = Get-BitlockerTPMPinStatus
$hash = @{BitlockerTPMPinStatus = $BitlockerPinStatus}
return $hash | ConvertTo-Json -Compress
CustomCompliance.json
{
"Rules":[
{
"SettingName":"BitlockerTPMPinStatus",
"Operator":"IsEquals",
"DataType":"String",
"Operand":"TPMPINSET",
"MoreInfoUrl":"https://PlaceholderForKB.com",
"RemediationStrings":[
{
"Language":"en_US",
"Title":"Bitlocker startup pin is required.",
"Description": "Bitlocker startup pin is required."
}
]
}
]
}