Forum Discussion
Request for Guidance on BitLocker Drive Status Full Inventory in Device Hardware - TPM
Hi Akhil5603,
Intune has a built-in report for TPM or encryption (Device --> Monitor --> Encryption report), where you can see the device name, OS, OS version, TPM version, encryption readiness, encryption status and user principal name.
To gather more detailed information, you can use a custom PowerShell script that should collect more information on TPM status and BitLocker encryption. (I haven't tested it):
# Query TPM status (run from an elevated session)
$tpmStatus = Get-CimInstance -Namespace "Root\CIMv2\Security\MicrosoftTpm" -ClassName Win32_Tpm
Write-Host "TPM Version: $($tpmStatus.SpecVersion)"
Write-Host "TPM Manufacturer ID: $($tpmStatus.ManufacturerID)"
Write-Host "TPM Manufacturer Version: $($tpmStatus.ManufacturerVersionInfo)"
Write-Host "TPM Enabled: $($tpmStatus.IsEnabled_InitialValue)"
# Query BitLocker status (the drive letter is in the MountPoint property)
$bitlockerStatus = Get-BitLockerVolume | Select-Object -Property MountPoint, VolumeStatus, EncryptionPercentage
# Recovery passwords are stored as key protectors on each volume; take the first one found
$recoveryInfo = @(Get-BitLockerVolume | ForEach-Object { $_.KeyProtector } | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
$recoveryKey = $recoveryInfo[0].RecoveryPassword
Write-Host "BitLocker Drive Status:"
$bitlockerStatus | Format-Table -AutoSize
# This prints the recovery password in clear text to the script output
Write-Host "BitLocker Recovery Key: $recoveryKey"
You can also try third-party solutions like ManageEngine Desktop Central or Symantec Endpoint Protection.
Kindest regards,
Leon Pavesic
(LinkedIn)
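An added example, not part of the original post: a per-device inventory record that reports TPM state and every BitLocker volume as one compressed JSON line, recording which key protector types exist without emitting the recovery password itself. It assumes an elevated Windows PowerShell 5.1 session (for example a script run in SYSTEM context); the field names in the output record are chosen here for illustration.

```powershell
# Added example: TPM + BitLocker inventory as a single JSON record per device.
# Assumption: runs elevated; output field names are illustrative.
$tpm = Get-CimInstance -Namespace 'Root\CIMv2\Security\MicrosoftTpm' `
                       -ClassName Win32_Tpm -ErrorAction SilentlyContinue

$volumes = foreach ($vol in Get-BitLockerVolume) {
    # Drop null entries so unprotected volumes yield an empty list
    $protectors = @($vol.KeyProtector | Where-Object { $_ })
    [pscustomobject]@{
        MountPoint           = $vol.MountPoint
        # Cast enums to strings; ConvertTo-Json would otherwise emit integers
        VolumeType           = [string]$vol.VolumeType
        VolumeStatus         = [string]$vol.VolumeStatus
        ProtectionStatus     = [string]$vol.ProtectionStatus
        EncryptionMethod     = [string]$vol.EncryptionMethod
        EncryptionPercentage = $vol.EncryptionPercentage
        # Protector types only; the recovery password value is never written out
        KeyProtectorTypes    = @($protectors | ForEach-Object { [string]$_.KeyProtectorType })
        HasRecoveryPassword  = [bool]($protectors |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
    }
}

$record = [pscustomobject]@{
    ComputerName = $env:COMPUTERNAME
    CollectedUtc = (Get-Date).ToUniversalTime().ToString('o')
    Tpm          = [pscustomobject]@{
        Present             = [bool]$tpm     # $false when no TPM instance is returned
        SpecVersion         = $tpm.SpecVersion
        ManufacturerId      = $tpm.ManufacturerId
        ManufacturerVersion = $tpm.ManufacturerVersion
        Enabled             = $tpm.IsEnabled_InitialValue
        Activated           = $tpm.IsActivated_InitialValue
        Owned               = $tpm.IsOwned_InitialValue
    }
    Volumes      = @($volumes)
}

# One line of JSON is easy to collect centrally and parse later
$record | ConvertTo-Json -Depth 4 -Compress
```

A volume with `ProtectionStatus` of `Off` or an empty `KeyProtectorTypes` list is the case to look for: it can show an encryption percentage while having no protector guarding the key.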