In the Systems Manager > Settings page, administrators can now find a new BitLocker profile payload. Simply search for "BitLocker" or look for the "Windows" profiles to find it. Documentation can be found here.
This new BitLocker profile allows setting BitLocker encryption enforcement rules with various settings, such as:
- Encryption method
- OS drive settings
- PIN length
- Recovery options
- Fixed data drive settings
- Removable data drive settings
Administrators can also check for encryption as a Systems Manager security policy, to obtain a list of compliant and non compliant encrypted devices on the Systems Manager > Devices list in bulk. This will show the encryption compliance status, reason, and if BitLocker is currently enabled, disabled, or unknown (not reported yet). This security policy will also check all other OSes for encryption, such as macOS FileVault encryption, iOS encryption, and Android Work Profile encryption. So the security policy is a great way to read current encryption status in bulk for every device.
