Intune Device Encryption Status Report

Let’s check the Intune Device Encryption Status Report in the Intune (Endpoint Manager) portal. The Encryption report displays a list of the devices you manage with high-level details about those devices.

The Microsoft Intune encryption report is a centralized location to view details about a device’s encryption status and find options to manage device recovery keys. The recovery key options that are available depend on the type of device you’re viewing.

The encryption status report supports reporting on devices that run the operating system versions macOS 10.13 or later and Windows version 1607 or later.

This report can help identify problems for groups of devices. When you select a device from the Encryption report, Intune displays the Device encryption status, which shows whether the OS drive is encrypted. It can take up to 24 hours for Intune to report on a device’s encryption status or a change to that status.

Joy has explained the working mechanism of BitLocker encryption, the internal OS components involved, and most importantly, why it is necessary and how it helps secure the OS platform from cold boot attacks. Take a look at the blog post here if you have not seen it yet.

Intune Device Encryption Status Report

These reports provide timely, targeted data that helps you focus and take action. You can view the Encryption Status report using the following steps:

Click on Monitor - Intune Device Encryption Status Report 1

Under Configuration, select Encryption report.

Encryption Report - Intune Device Encryption Status Report 2

The Encryption report pane displays a list of the devices you manage with high-level details about those devices. You can select a device from the list to drill-in and view additional details from the Device encryption status pane.

  • Device name – The name of the device.
  • OS – The device platform, such as Windows or macOS.
  • OS version – The version of Windows or macOS on the device.
  • TPM version (applies to Windows 10/11 only) – The version of the Trusted Platform Module (TPM) chip detected on the Windows device.
  • Encryption readiness – An evaluation of the device’s readiness to support applicable encryption technology, like BitLocker or FileVault encryption. Devices are identified as:
    • Ready: The device can be encrypted by using MDM policy, which requires the device to meet the following requirements. For macOS devices: macOS version 10.13 or later. For Windows devices: Windows 10 version 1709 or later of Business, Enterprise, or Education; Windows 10 version 1809 or later of Pro; or Windows 11. The device must have a TPM chip.
    • Not ready: The device doesn’t have full encryption capabilities, but may still support encryption.
    • Not applicable: There isn’t enough information to classify this device.
  • Encryption status – Whether the OS drive is encrypted.
  • User Principal Name – The primary user of the device.

Note – When you select a device from the Encryption report, Intune displays the Device encryption status pane with more detailed information.

Monitor Encryption Report - Intune Device Encryption Status Report 3

Use the Columns property to add or remove columns from the generated report. Click Columns, and a flyout displays. Here you can check or uncheck the columns you want to include.

The following columns are available in this report:

  • Device name
  • OS
  • OS version
  • TPM version
  • Encryption readiness
  • Encryption status
  • User principal name

Add Columns – Intune Device Encryption Status Report 4

Export Intune Encryption Report

While viewing the Encryption report pane, you can select Export to create a .csv file download of the report details.

This report includes the high-level details from the Encryption report pane and Device encryption status details for each device you manage.

Once you click Export, a popup appears with a message about exporting the encryption report. Click Download.

A notification will appear automatically in the top right-hand corner with the message Export is in progress. You can also see the status by selecting the notification icon.

Click Export - Export Intune Encryption Report

This will export the data to a comma-separated values (.csv) file. The report file is added to your download tray and automatically saved to your computer, and the notification message Export completed appears. Open the downloaded file to view the details.
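
Once the export is downloaded, the readiness and status columns described above can be combined to decide what follow-up each device needs. The script below is an added example, not part of the original article or of Intune. It assumes the exported headers match the column labels listed for the report pane and that Encryption status reads "Encrypted" or "Not encrypted"; the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict

# Assumptions: the exported headers match the column labels shown in the
# Encryption report pane, and Encryption status reads "Encrypted" or
# "Not encrypted". Adjust these constants if your export differs.
COL_NAME, COL_READY = "Device name", "Encryption readiness"
COL_STATUS, COL_UPN = "Encryption status", "User principal name"

# Constructed sample standing in for the downloaded .csv (not real data).
# The leading \ufeff mimics the byte-order mark many CSV exports carry.
SAMPLE_EXPORT = """\ufeffDevice name,OS,OS version,TPM version,Encryption readiness,Encryption status,User principal name
LAB-WIN-01,Windows,10.0.19045.3803,2.0,Ready,Encrypted,alice@contoso.example
LAB-WIN-02,Windows,10.0.19045.3803,2.0,Ready,Not encrypted,bob@contoso.example
LAB-WIN-03,Windows,10.0.17763.5206,,Not ready,Not encrypted,carol@contoso.example
LAB-MAC-01,macOS,13.6.1,,Not applicable,Not encrypted,dave@contoso.example
"""


def triage(csv_text):
    """Bucket each device by the follow-up its report row calls for."""
    reader = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))
    missing = {COL_NAME, COL_READY, COL_STATUS, COL_UPN} - set(reader.fieldnames or [])
    if missing:
        raise ValueError(f"export is missing columns: {sorted(missing)}")
    buckets = defaultdict(list)
    for row in reader:
        get = lambda col: (row.get(col) or "").strip()
        ready, status = get(COL_READY).lower(), get(COL_STATUS).lower()
        entry = (get(COL_NAME), get(COL_UPN))
        if status == "encrypted":
            buckets["ok"].append(entry)
        elif ready == "ready":
            # Meets the MDM encryption requirements but is unencrypted:
            # check that an encryption policy is assigned and applying.
            buckets["policy_gap"].append(entry)
        elif ready == "not ready":
            # Lacks full encryption capabilities: check TPM and OS version.
            buckets["prerequisite_gap"].append(entry)
        else:
            # "Not applicable" or an unexpected value: not enough information.
            buckets["unclassified"].append(entry)
    return dict(buckets)


if __name__ == "__main__":
    for bucket, devices in triage(SAMPLE_EXPORT).items():
        print(f"{bucket}: {devices}")
```

Because Intune can take up to 24 hours to report a status change, a device in the policy_gap bucket may simply not have reported yet; compare two exports taken a day apart before escalating.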

Author

About Author – Jitesh, Microsoft MVP, has over five years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus is Windows 10 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.
