This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(57.599999999999994, 77%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESM%3C/text%3E%3C/svg%3E)
Hello,
I'm seeking guidance on monitoring endpoint encryption status for devices managed through Microsoft Intune. Specifically, I want to determine the percentage of endpoints that have encryption enabled on their drives, such as BitLocker full disk encryption.
Is there a method, PowerShell script, command, API, Intune policy, or any other approach available that can help me collect this data? I'd greatly appreciate it if someone could provide an example of how to use these methods effectively to monitor endpoint encryption compliance within an Intune-managed environment.
Example:
For instance, if 89% of endpoints have BitLocker enabled, how can I verify this and ensure compliance?
Your expertise and assistance in achieving this are greatly appreciated.
Thank you for your help.
Best regards,
Swahela Mulla
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(188.79999999999998, 35%, 28%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EZM%3C/text%3E%3C/svg%3E)
@Swahela Mulla,Thanks for posting in Q&A.
From your description, I know that you are looking for a method to monitor the percentage of endpoints that have encryption enabled.
Based on my testing, I found that you can check it in Intune. Location: Microsoft Intune admin center > Devices > Monitor > Encryption report.
In the page, you can see how many devices have enabled BitLocker. Also, you can export the report and the format of this report is excel. Then you can convert data in excel into percentage format through some operations.
Hope this can be helpful.
If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Hi @ZhoumingDuan-MSFT ,
I know this way, but how can we achieve this programmatically?
I want to fetch these details with PowerShell.
@Swahela Mulla,Thanks for your reply.
Based on my testing, I found that you can use command "Get-IntuneManagedDevice | Where-Object {$_.isEncrypted -eq "true" }" to filter out that how many devices have enabled Bitlocker.
However, there is no related command to fetch the Encryption report via PowerShell.
Thanks for your kind understanding.
@Swahela Mulla,Hope everything is going well.
May I know the information above solved the issue? If there is any update, feel free to contact me.