Using SM across a mixed estate of macOS, iOS and Win10 endpoints.
All working well, apart from the inability to audit or manage Disk encryption on the Win10 endpoints. I understand there was a trial of this last year, but no current capabilities.
Can anyone advise:
I don't know the answers. I know you can use the command 'manage-bde -status' to get the BitLocker status. You can probably get it via some PowerShell API as well.
You would need to write a script to retrieve the info and then store it somewhere.
Sure, that works locally in a PowerShell terminal with Admin rights....
Can I run a PowerShell script remotely via Systems Manager? I have a number of remote endpoints on different networks, no relevant Domain etc.
Anyone else able to assist?
Meraki Support has not answered a case in several days - amazed that anyone using Meraki on Windows endpoints does not audit BitLocker status?
We push PowerShell scripts to Windows endpoints wrapped as .msi. Script enables encryption on remote machines and reports back to a VM in Azure with encryption status and recovery key. Didn't implement an audit (waiting for Meraki to do it), but it is fairly easy to run a script as a scheduled task and report BitLocker status on a regular basis to some kind of a centralised location.
Once device is encrypted, we add "encrypted" to notes field but that's about it. We are not happy with all these workarounds we have to do to fix a piece of functionality which should be there out of the box. Monitoring encryption status is possible and not hard to implement but MDM is still in early stages of rollout so this is not high on our list of priorities.
At our last meeting with Meraki they were quite surprised to hear what we do with scripts. As far as I understood them, they are still trying to prioritize which MDM controls to implement for Win 10 platform.
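The scheduled status audit described in the post above, as an added example that is not part of the original thread or any poster's script: it reads per-volume BitLocker state with `Get-BitLockerVolume` and posts it as JSON, without touching recovery passwords. The collector URL, the fallback log path and the function name `Get-BitLockerAuditRecord` are assumptions made for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: audit-only BitLocker report. Recovery passwords are never read or sent.
param(
    # Assumption: placeholder HTTPS endpoint that you operate
    [string]$CollectorUri = 'https://collector.example.invalid/bitlocker',
    # Assumption: hypothetical local path used when the collector is unreachable
    [string]$FallbackLog  = "$env:ProgramData\BitLockerAudit\status.jsonl"
)

function Get-BitLockerAuditRecord {
    # One record per volume; enum values are cast to strings so the JSON is readable
    foreach ($v in Get-BitLockerVolume -ErrorAction Stop) {
        [pscustomobject]@{
            ComputerName   = $env:COMPUTERNAME
            TimestampUtc   = (Get-Date).ToUniversalTime().ToString('o')
            MountPoint     = $v.MountPoint
            VolumeType     = [string]$v.VolumeType
            VolumeStatus   = [string]$v.VolumeStatus
            Protection     = [string]$v.ProtectionStatus
            PercentDone    = $v.EncryptionPercentage
            Method         = [string]$v.EncryptionMethod
            # Protector types only (e.g. Tpm, RecoveryPassword), never the key material
            ProtectorTypes = @($v.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })
            # Encrypted but suspended protection counts as non-compliant
            Compliant      = ([string]$v.VolumeStatus -eq 'FullyEncrypted' -and
                              [string]$v.ProtectionStatus -eq 'On')
        }
    }
}

try {
    $records = @(Get-BitLockerAuditRecord)
} catch {
    # Missing module or insufficient rights: report the failure instead of going silent
    $records = @([pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        TimestampUtc = (Get-Date).ToUniversalTime().ToString('o')
        Error        = $_.Exception.Message
        Compliant    = $false
    })
}

$body = ConvertTo-Json -InputObject $records -Depth 4 -Compress
try {
    Invoke-RestMethod -Uri $CollectorUri -Method Post -Body $body `
        -ContentType 'application/json' -TimeoutSec 30 | Out-Null
} catch {
    # Collector unreachable: keep the record locally so the next run or a support pull can collect it
    New-Item -ItemType Directory -Path (Split-Path $FallbackLog) -Force | Out-Null
    Add-Content -Path $FallbackLog -Value $body
}
```

Run it from a scheduled task under the SYSTEM account so it has the rights `Get-BitLockerVolume` needs. The collector should authenticate the endpoints that post to it; how that is done is deployment-specific and not shown here.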