Bitlocker status audit via System Manager

ChemistryGP
Here to help


Hi,

 

Using SM across a mixed estate of MacOS, iOS and Win10 endpoints.

 

All working well, apart from the inability to audit or manage Disk encryption on the Win10 endpoints. I understand there was a trial of this last year, but no current capabilities.

 

Can anyone advise:

  • If this is a roadmap feature with an ETA
  • Any workaround/scripts/apps that can be used to record/populate the disk encryption status of a number of SM registered Win10 machines?

 

9 REPLIES 9
PhilipDAth
Kind of a big deal

I don't know the answers.  I know you can use the command 'manage-bde -status' to get the BitLocker status.  You can probably get it via some PowerShell API as well.

 

You would need to write a script to retrieve the info and then store it somewhere.

Sure that works locally in a Powershell terminal with Admin rights....

 

Can I run a powershell script remotely via system manager? I have a number of remote endpoints on different networks, no relevant Domain etc.

Anyone else able to assist?

 

Meraki Support has not answered a case in several days - amazed that anyone using Meraki on Windows endpoints does not audit BitLocker status?

T1
Getting noticed

We push Powershell scripts to Windows endpoints wrapped as .msi. Script enables encryption on remote machines and reports back to a VM in Azure with encryption status and recovery key. Didn't implement an audit (waiting for Meraki to do it), but it is fairly easy to run a script as a scheduled task and report Bitlocker status on a regular basis to some kind of a centralised location.
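A sketch of the scheduled-task audit described in the post above, added here as an example and not code from anyone in this thread. It assumes the `Get-BitLockerVolume` cmdlet from the Windows BitLocker module is present and the script runs elevated; the collector URL and the local log path are placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example: report per-volume BitLocker status, never the recovery password.
param(
    [string]$ReportUri = 'https://collector.example.invalid/bitlocker',   # placeholder collector
    [string]$LocalLog  = "$env:ProgramData\BitLockerAudit\status.json"    # placeholder path
)
$ErrorActionPreference = 'Stop'

function Get-BitLockerAuditRecord {
    $volumes = @(Get-BitLockerVolume | ForEach-Object {
        [pscustomobject]@{
            MountPoint           = $_.MountPoint
            VolumeType           = "$($_.VolumeType)"
            VolumeStatus         = "$($_.VolumeStatus)"
            ProtectionStatus     = "$($_.ProtectionStatus)"
            EncryptionPercentage = $_.EncryptionPercentage
            EncryptionMethod     = "$($_.EncryptionMethod)"
            # Protector types only; RecoveryPassword is deliberately not exported
            KeyProtectorTypes    = @($_.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
        }
    })
    $os = $volumes | Where-Object VolumeType -eq 'OperatingSystem' | Select-Object -First 1
    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        CollectedUtc = (Get-Date).ToUniversalTime().ToString('o')
        # Compliant = OS volume fully encrypted AND protection not suspended
        Compliant    = [bool]($os -and $os.ProtectionStatus -eq 'On' -and
                              $os.VolumeStatus -eq 'FullyEncrypted')
        Volumes      = $volumes
    }
}

$json = Get-BitLockerAuditRecord | ConvertTo-Json -Depth 4

# Always keep a local copy so the result survives a failed upload
New-Item -ItemType Directory -Path (Split-Path $LocalLog) -Force | Out-Null
Set-Content -Path $LocalLog -Value $json -Encoding UTF8

try {
    # Windows PowerShell 5.1 may not negotiate TLS 1.2 unless told to
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
    Invoke-RestMethod -Uri $ReportUri -Method Post -Body $json `
        -ContentType 'application/json' | Out-Null
} catch {
    Write-Warning "Upload failed, local copy kept at ${LocalLog}: $_"
}
```

Checking `ProtectionStatus` as well as `VolumeStatus` catches machines where the disk is encrypted but protection has been suspended.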

Thanks for responding. Will look into wrapping a script (presumably something with 'manage-bde -status') into an msi.

Does that get tracked as installed on Meraki, or does it just run once and show as not installed? I was considering exploring the 'command' option for a script but have read mixed results

It's also annoying as will have to build some form of host server for all the endpoints to call home, which we currently don't have/need.
T1
Getting noticed

Once device is encrypted, we add "encrypted" to notes field but that's about it. We are not happy with all these workarounds we have to do to fix a piece of functionality which should be there out of the box. Monitoring encryption status is possible and not hard to implement but MDM is still in early stages of rollout so this is not high on our list of priorities.

 

At our last meeting with Meraki they were quite surprised to hear what we do with scripts. As far as I understood them, they are still trying to prioritize which MDM controls to implement for Win 10 platform.

KPA
New here

We are having the same issue with using System Manager. It is not able to manage and enforce BitLocker on Windows Devices. We have resorted to using TruGrid BitLocker Management for this.

 

Kay

BobRossJr
Just browsing

It's nearing end 2021. Anyone know if Bitlocker encryption is supported in Meraki these days? I don't see it listed as a feature anywhere. Pretty sad if not.

T1
Getting noticed

Nothing has changed in the last 2 years. Windows 10 support is non-existent.
