Full Disk Encryption
With BigFix MCM, you can centrally manage the native full-disk encryption (FDE) technologies from Windows (BitLocker) and macOS (FileVault2) to secure data at rest.
For more information on Full Disk encryption feature in BigFix MCM, see Full Disk Encryption.
Workflow to configure and deploy Full Disk Encryption
Health Check
After configuring Full Disk Encryption, to view the MDM Full Disk Encryption Status, on the Modern Client Management page click
Building a saved report for encryption status
Using the properties from the "Full Disk Encryption Status" analysis, you can enable columns that allow filtering to look for devices that are not encrypted, missing recovery key, and so on.
- From the device list, click
manage column icon.
- In the Manage columns window, search by string in the Property name field or in the Analysis column, select Full Disk Encryption.
Property | Description |
---|---|
Encrypted | If the endpoint is encrypted, shows the encrypted recovery
key. Note: If the endpoint is encrypted, but if it does not
show recovery key, that it might have been target for key
regeneration. |
Drive encryption status | Disk Encryption shows overall encryption status for system drive. |
Disk encryption status | Drive encryption shows for Windows per drive encryption status and method. |
TPM status | TPM status shows for Windows whether the TPM has been detected and if Ready, values here are "Ready" "Not Ready" "Not Detected" |
- After selecting properties and configuring the datagrid the way you want it to look, you can save the view in a Report by clicking on “Save Report” in the Devices Page.
-
After filling in a Report Name and Report Description and hitting save, the view will be available under “Reports” in the Global Navigation bar for later viewing and reference.