A latest Microsoft Support knowledgebase article and servicing stack replace for Windows working methods presents a repair for a race situation subject launched by a safe boot feature replace, which induced patching to set off a BitLocker restoration password. It jogged my memory that we regularly neglect which units have BitLocker. When you patch, BitLocker is generally silent and doesn’t intrude within the patching course of. BitLocker is designed to be silent, a lot so that you simply would possibly neglect which machines have it enabled and which of them don’t.
Microsoft not too long ago introduced that it’ll add superior administration instruments to observe and manage BitLocker within the coming months to SCCM and Intune. In the meantime, what are you able to do to stock your community to decide which units have BitLocker? Plenty.
Using PowerShell to discover BitLocker-enabled units
Let’s begin off with PowerShell. The
manage-bde -status c: command signifies whether or not BitLocker is enabled on the machine.