Monitoring Disk Encryption

RMM North-pane

A new column is added to the North pane of the dashboard once Disk Encryption Manager is enabled on at least one device. This column (as can the others) be dragged into a more suitable position if required. Simply click and hold the column icon and drag to a new position.

This column denotes the status of Disk Encryption Manager on the devices where it is enabled.

North-pane Disk Encryption Manager Column Icon
South-pane Disk Encryption Manager Checks Icon

RMM South-pane

As part of the installation process, Checks are automatically added to the device to monitor the Disk Encryption Manager status. These appear in the Checks tab in the South-pane of the selected device; one for the Disk Encryption service running on the device, and one for each disk the device has, denoting the encryption status of the disk.

Check: Disk Encryption Manager Service Check (Bitdefender)

This check monitors the Disk Encryption Manager Service. The check passes when the service is reported as running and fails where the service is in any other state. In the More Information column the encryption state of the device is displayed allowing you to quickly verify if the device is encrypted or not. Clicking the link here will open the More Information dialog, giving more details of the status of Disk Encryption Manager.

More Information details:

  • General Information
    • Policy name - Name of the policy in use on the device
    • Encryption status - Status will be one of Encrypted, Unencrypted, Locked, Encrypting, Decrypting or Suspended (device offline during encryption or decryption process)
    • Last communication - Last date and time the device communicated encryption status details to the dashboard
    • Next communication - Next expected date and time that the device communicates encryption status details to the dashboard
  • Device encryption overview
    • Date time - Last date and time the device communicated encryption status details to the dashboard
    • Mount point - Lists the all disks mounted on the device
    • Boot drive - Indicates if the Mount point is the boot drive or not
    • Protection type - Details the protection type (Passphrase, TPM or TPM + PIN)
    • Check state - The current Fail or Pass state of the check
    • Drive state - Status will be one of Encrypted, Unencrypted, Encrypting, Decrypting or Suspended (device offline during encryption or decryption process)
  • Device encryption history
    • Encryption state - Overall device encryption state at Transition time
    • Transition time - Time and date of a change to the Encryption state
    • Duration - Length of time the device has been in the Encryption state

Check: Disk Encryption Manager Check (Bitdefender) - <drive letter>

For each drive in the device, RMM automatically adds this check. This allows for an at-a-glance confirmation that the drive is encrypted or not in the More Information column. Clicking the More Information link opens the More Information dialog, giving more detailed information.

More Information details:

  • Drive details
    • Policy name - Name of the policy in use on the device
    • Drive state - State will be one of Encrypted, Unencrypted, Encrypting, Decrypting or Suspended (device offline during encryption or decryption process)
    • Drive capacity - Storage capacity of the drive
    • Encryption algorithm - Denotes the encryption algorithm used
    • Protection type - Details the protection type (Passphrase, TPM or TPM + PIN)
    • Boot disk - Either Yes or No, denoting if this is the boot disk or not
    • Encryptable - Denotes if the drive is capable of being encrypted or not (regardless of current encryption state)
    • Last communication - Last date and time the device communicated encryption status details to the dashboard
    • Next communication - Next expected date and time that the device communicates encryption status details to the dashboard
  • Device encryption overview
    • Date time - Last date and time the device communicated encryption status details to the dashboard
    • Mount point - Lists all disks mounted on the device
    • Boot drive - indicates if the Mount point is the boot drive or not
    • Protection type - details the protection type (Passphrase, TPM or TPM + PIN)
    • Check state - The current Fail or Pass state of the check
    • Drive state - Status will be one of Encrypted, Unencrypted, Encrypting, Decrypting or Suspended (device offline during encryption or decryption process)

South-pane Summary Tab

The South-pane Summary tab will show the current status of Disk Encryption Manager on the device. This updates to match the current status, and will indicate if there has a been an install failure, or an encryption issue (if BitLocker is missing for example), if Disk Encryption Manager is active as well as the encryption state of the device.

Disk Encryption Manager Reports

Online reports are built-into RMM and are customizable allowing you to extract real-time data about the disk encryption status on devices. Some of the standard reports include information regarding Disk Encryption Manager, such as the:

  • User Audit Report
  • Executive Summary Report
  • Managed Antivirus Protection Report

There are 2 dedicated reports available in RMM for Disk Encryption Manager:

  1. Disk Encryption Report: Provides a graphical overview of Encryption Statuses and Encryption Enabled Vs Disabled by default. You can also opt to add Device and Volume details if required
  2. Recovery Key Report: Provides a list of ALL Recovery Keys and their associated Key ID / Protector ID / Recovery Key ID in one location. Often used when devices are removed/decommissioned from the dashboard, so that Recovery Keys are known for any drives still encrypted after turning off DEM. The report does not require the end-users to supply their Key ID / Protector ID / Recovery Key ID to be run. To provide a single Recovery Key to one end-user in the event they require it, please see: Provide a Recovery Key for an End-user

As the Recovery Key Report contains sensitive information and allows decryption of all listed devices, caution should be taken when assigning permissions to technicians to access and run the report.

To access the reports:

  1. In the RMM dashboard select Reports > Managed Antivirus Reports
  2. Select either Disk Encryption Reportor Recovery Key Report, which opens in a new tab

For full details on the reports please see: Disk Encryption Manager Reporting