Let’s check the Intune Device Encryption Status Report in the Intune (Endpoint Manager) portal. The Encryption report displays a list of the devices you manage with high-level details about those devices.
The Microsoft Intune encryption report is a centralized location to view details about a device’s encryption status and find options to manage device recovery keys. The recovery key options that are available depend on the type of device you’re viewing.
The encryption status report supports reporting on devices that run the operating system versions macOS 10.13 or later and Windows version 1607 or later.
This report can be useful for identifying problems across groups of devices. When you select a device from the Encryption report, Intune displays the Device encryption status pane, which shows details such as whether the OS drive is encrypted. It can take up to 24 hours for Intune to report on a device’s encryption status or a change to that status.
Joy has explained the working mechanism of BitLocker encryption, the internal OS components involved, and most importantly, why it is necessary and how it helps secure the OS platform from cold boot attacks. Take a look at the blog post here if you have not seen it yet.
- Intune Silent Encryption – A Deeper Dive to Explore the Internal
- Managing Windows Bitlocker Compliance Policy Using Intune | MS Graph | Grace Period
- Enable Bitlocker on HyperV and Handle Error Device Cannot Use a Trusted Platform Module
Intune Device Encryption Status Report
These reports provide timely, targeted data that helps you focus and take action. You can view the Encryption Status report using the following steps –
- Sign in to the Endpoint Manager Intune portal https://endpoint.microsoft.com/
- Navigate to Devices -> Monitor.
- Under Configuration, select Encryption report.
The Encryption report pane displays a list of the devices you manage with high-level details about those devices. You can select a device from the list to drill in and view additional details from the Device encryption status pane.
- Device name – The name of the device.
- OS – The device platform, such as Windows or macOS.
- OS version – The version of Windows or macOS on the device.
- TPM version (applies to Windows 10/11 only) – The version of the Trusted Platform Module (TPM) chip detected on the Windows device.
- Encryption readiness – An evaluation of the device’s readiness to support the applicable encryption technology, like BitLocker or FileVault encryption. Devices are identified as:
  - Ready: The device can be encrypted by using MDM policy, which requires the device to meet the following requirements. For macOS devices: macOS version 10.13 or later. For Windows devices: Windows 10 version 1709 or later of Business, Enterprise, Education; Windows 10 version 1809 or later of Pro; and Windows 11. The device must have a TPM chip.
  - Not ready: The device doesn’t have full encryption capabilities, but may still support encryption.
  - Not applicable: There isn’t enough information to classify this device.
- Encryption status – Whether the OS drive is encrypted.
- User Principal Name – The primary user of the device.
Note – When you select a device from the Encryption report, Intune displays the Device encryption status pane to give you more detailed information.
Use the Columns property to add or remove columns from the generated report. Click Columns and a flyout is displayed. Here you can check or uncheck the columns you want to include.
The following columns are available in this report:
- Device name
- OS version
- TPM version
- Encryption readiness
- Encryption status
- User principal name
Export Intune Encryption Report
While viewing the Encryption report pane, you can select Export to create a .csv file download of the report details.
This report includes the high-level details from the Encryption report pane and Device encryption status details for each device you manage.
Once you click Export, a popup appears with a message about exporting the encryption report. Click Download.
A notification will appear automatically in the top right-hand corner with the message Export is in progress. You can also see the status by selecting the notification icon.
This exports the data to a comma-separated values (.csv) file. The report file is added to your download tray and automatically saved to your computer, and a notification message, Export completed, appears. Open the downloaded file to view the details.
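One way to triage the exported .csv, shown as an added example that is not part of the original post or of Intune itself. It assumes the header row uses the column names listed above and that an encrypted OS drive is reported as "Encrypted"; the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export. Header names follow the column names listed in the
# article; they are an assumption about the real .csv and may need adjusting.
SAMPLE_CSV = """Device name,OS,OS version,TPM version,Encryption readiness,Encryption status,User principal name
LAPTOP-001,Windows,10.0.19045.3570,2.0,Ready,Encrypted,alice@example.com
LAPTOP-002,Windows,10.0.19045.3570,2.0,Ready,Not encrypted,bob@example.com
DESKTOP-003,Windows,10.0.14393.0,,Not ready,Not encrypted,carol@example.com
MACBOOK-004,macOS,13.6,,Ready,Encrypted,dave@example.com
KIOSK-005,Windows,10.0.19045.3570,,Not applicable,,
"""

def _norm(text):
    """Lower-case and collapse whitespace so case differences don't matter."""
    return " ".join((text or "").split()).lower()

def triage(csv_text):
    """Group devices not reported as encrypted by their encryption readiness.

    remediate   - Ready but not encrypted (MDM policy should be able to encrypt)
    investigate - Not ready and not encrypted (OS version or TPM gap)
    unknown     - Not applicable or missing data (status may not be reported yet)
    """
    buckets = defaultdict(list)
    # Strip a UTF-8 byte-order mark if the file was saved with one.
    reader = csv.DictReader(io.StringIO(csv_text.lstrip("\ufeff")))
    for raw in reader:
        row = {_norm(k): (v or "").strip() for k, v in raw.items() if k}
        if _norm(row.get("encryption status")) == "encrypted":  # assumed value
            continue
        readiness = _norm(row.get("encryption readiness"))
        bucket = {"ready": "remediate", "not ready": "investigate"}.get(readiness, "unknown")
        buckets[bucket].append((row.get("device name", ""), row.get("user principal name", "")))
    return {name: buckets.get(name, []) for name in ("remediate", "investigate", "unknown")}

if __name__ == "__main__":
    for bucket, devices in triage(SAMPLE_CSV).items():
        for device, upn in devices:
            print(f"{bucket:<12} {device:<14} {upn}")
```

Because Intune can take up to 24 hours to report a status change, devices in the unknown bucket are worth re-checking in a later export before acting on them.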
About Author – Jitesh, Microsoft MVP, has over five years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus is Windows 10 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.