Full Disk Encryption

With BigFix MCM, you can centrally manage the native full-disk encryption (FDE) technologies from Windows (BitLocker) and macOS (FileVault2) to secure data at rest.

For more information on the Full Disk Encryption feature in BigFix MCM, see Full Disk Encryption.

Workflow to configure and deploy Full Disk Encryption

Health Check

After configuring Full Disk Encryption, click Health Check on the Modern Client Management page to view the MDM Full Disk Encryption Status.

Building a saved report for encryption status

Using the properties from the "Full Disk Encryption Status" analysis, you can enable columns that allow filtering for devices that are not encrypted, are missing a recovery key, and so on.

To include the Full Disk Encryption specific device properties in the device data grid:
  1. From the device list, click the manage column icon.
  2. In the Manage columns window, search by string in the Property name field or, in the Analysis column, select Full Disk Encryption.
Property | Description
Encrypted | If the endpoint is encrypted, shows the encrypted recovery key. Note: If the endpoint is encrypted but does not show a recovery key, it might have been targeted for key regeneration.
Drive encryption status | Disk Encryption shows the overall encryption status for the system drive.
Disk encryption status | Drive encryption shows, for Windows, the per-drive encryption status and method.
TPM status | TPM status shows, for Windows, whether the TPM has been detected and whether it is ready. Values are "Ready", "Not Ready", and "Not Detected".
Note:
  • After selecting properties and configuring the datagrid the way you want it to look, you can save the view in a Report by clicking on “Save Report” in the Devices Page.
  • After filling in a Report Name and Report Description and hitting save, the view will be available under “Reports” in the Global Navigation bar for later viewing and reference.