Checking the status of BitLocker | v8+


BitLocker is a full disk encryption tool that has been a standard part of Windows OS since Vista. The disk encryption helps protect data on a machine, particularly in the event that the device is lost or stolen.

Where can I find the BitLocker status of a device?

From Certero v6 onwards, the BitLocker status of a device is recorded as part of its inventory, under the Disk information. Certero discovers the status for each drive individually, so if a machine is only partly encrypted you can distinguish the protected drives from the unprotected ones. This gives you specific information that you can act on.

BitLocker status is reported as one of:

  • Unknown

  • Protected

  • Unprotected

Related Microsoft Article

Certero inventory reports the Windows BitLocker status. For those interested in the technical aspect of this, please refer to the following link to a Microsoft article:

https://docs.microsoft.com/en-us/windows/win32/secprov/win32-encryptablevolume

In summary, the status reported by Certero relates to the status reported by Windows as follows:

Certero Status | Windows Status     | Meaning as defined by Microsoft
Unknown        | PROTECTION UNKNOWN | The volume protection status cannot be determined. One potential cause is that the volume is in a locked state.
Protected      | PROTECTION ON      | The volume is fully encrypted and the encryption key for the volume is not available in the clear on the hard disk.
Unprotected    | PROTECTION OFF     | The volume is not encrypted, partially encrypted, or the volume's encryption key for the volume is available in the clear on the hard disk.
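The mapping above can be checked directly on a Windows device. The following PowerShell is an added example, not Certero's code: it queries Microsoft's Win32_EncryptableVolume class for every volume, calls GetProtectionStatus, and translates the returned ProtectionStatus value (0 = PROTECTION OFF, 1 = PROTECTION ON, 2 = PROTECTION UNKNOWN) into the Certero status names. It assumes an elevated PowerShell session on a Windows machine with BitLocker available.

```powershell
# Added example (not Certero's code): report each volume's BitLocker protection
# status using the Windows Win32_EncryptableVolume class, mapped to Certero's names.
# Run from an elevated (Administrator) PowerShell session.
$ns = 'root/CIMV2/Security/MicrosoftVolumeEncryption'

# ProtectionStatus values returned by GetProtectionStatus, per the Microsoft article.
$map = @{
    0 = @{ Windows = 'PROTECTION OFF';     Certero = 'Unprotected' }
    1 = @{ Windows = 'PROTECTION ON';      Certero = 'Protected'   }
    2 = @{ Windows = 'PROTECTION UNKNOWN'; Certero = 'Unknown'     }
}

$volumes = Get-CimInstance -Namespace $ns -ClassName Win32_EncryptableVolume

$report = foreach ($vol in $volumes) {
    $result = Invoke-CimMethod -InputObject $vol -MethodName GetProtectionStatus
    $status = [int]$result.ProtectionStatus
    $entry  = $map[$status]
    if (-not $entry) {
        # Any value outside 0-2 is not documented; treat it as Unknown, as Certero does.
        $entry = @{ Windows = "Undocumented value ($status)"; Certero = 'Unknown' }
    }
    [pscustomobject]@{
        Drive   = $vol.DriveLetter
        Windows = $entry.Windows
        Certero = $entry.Certero
    }
}

# Full per-drive view, then the same filter a Dynamic Group would apply
# ([Disk Volumes].[BitLocker] = Unprotected) to list drives needing attention.
$report | Format-Table -AutoSize
$report | Where-Object { $_.Certero -eq 'Unprotected' }
```

A locked volume (for example a data drive with auto-unlock disabled) reports PROTECTION UNKNOWN until it is unlocked, which is why Certero shows such drives as Unknown rather than Unprotected.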

How do I report on the BitLocker Status?

Setting up reporting on the status of BitLocker across your IT infrastructure is straightforward in Certero v6 and is achieved through the use of Dynamic Groups. A simple way of reporting on BitLocker is to give the Dynamic Group a single criterion, such as:

[Disk Volumes].[BitLocker] = Protected

This group finds any machine that has a drive protected by BitLocker. Alternatively, you could set the BitLocker status to Unprotected, allowing you to see all machines that have unencrypted drives. The criteria can be built upon and customised to suit your individual reporting needs.

A good way to keep up to date with your BitLocker status is to create a Certero Alert against your Dynamic Group. If you are unfamiliar with the alerting capabilities within Certero, you can read about them in the Certero documentation. An example of this could be:

  • Create a Dynamic Group to show all unprotected devices

  • Create an Alert against the datagrid of that Dynamic Group

  • Set the Frequency to When the Number of Records Change

This way, every time a machine reports to Certero that it has a drive not encrypted with BitLocker, you will receive an automated email, allowing you to take action quickly.