Bitlocker Management via Itarian RMM / Endpoint Manager

Just curious if Itarian ever plans on adding any support to managing bitlocker on devices that have endpoint manager installed?

It would be nice to be able to create a Bitlocker policy for your Endpoint Groups that apply to all the machines automatically in the group. In addition to creating and deploying Bitlocker policies from Itarian RMM, it would also be nice if it had the capability to show you which devices are in sync with the policy and have bitlocker and which devices do not match the policy settings or have bitlocker disabled.

I'm sure I could crudely deploy Bitlocker through Endpoint Manager procedures, but I am more interested in a policy based system that not only deploys group-specific policies to my endpoints but can also show me at a glance the status of Bitlocker on the endpoint so that they can easily be verified.

I am looking for a bitlocker management system for all clients so I don't have to manage individually through Group Policy. It also looks like I could do this through M365 Intune. I also see some endpoint security products offer encryption management like Sophos Safeguard, but it would be nice to have a feature like this tied into Itarian so I don't need yet another piece of software to manage this.

Hi @minntech, I also second this feature. We currently use Eset full disk encryption with Eset Protect (MSP dashboard), but it would be nice to have Bitlocker be able to be managed through RMM and then be able to report on its status etc. for company wide compliance.

We have a monitor that alerts us if Bitlocker is enabled or not on the device. We apply that monitor to all devices that are supposed to have bitlocker enabled and we get an alert and a ticket if it gets turned off for whatever reason. We also have a procedure that captures the current bitlocker recovery key once per week which has allowed us to save someone a lot of headache at one point. We run this procedure on all devices we manage as it will simply state that bitlocker doesn’t have a recovery key if bitlocker is not enabled. I have actually been looking at coding some Python scripts to execute PowerShell commands to enable and disable bitlocker.

It would be nice if there was an encryption indicator icon in ITarian though, like the icons for Antivirus, Containment, Firewall, etc., to easily spot encrypted and unencrypted devices.

Also as a side note, Microsoft seems to have a tendency now to automatically enable bitlocker on any Windows 10 Pro device that is joined to Azure if it sees a TPM chip on the device. This seems to be default behavior now.

Beachhead Solutions may be an option for you (https://www.beachheadsolutions.com/). “BeachheadSecure is a cloud-based data security platform providing cybersecurity and IT teams with the encryption, remote access control, and sentinel capabilities purpose-built to continually, thoroughly, and automatically protect vulnerable data across all device types.”

Hello @minntech, @fastassist, @uandit,

You can use the script below as a custom script monitor:
https://scripts.itarian.com/frontend…atus-of-drives

Then, for all devices that don't have bitlocker enabled, you could use either one of the scripts below to encrypt drives as an auto-remediation procedure.

https://scripts.itarian.com/frontend…e-in-bitlocker
https://scripts.itarian.com/frontend…-keys-to-email

You can also check our help guides for details.

https://community.itarian.com/help/t…stom_procedure
https://community.itarian.com/help/t…-Monitors.html

Please let me know of any questions regarding this issue.

Best regards,
Ilgaz
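The status check Ilgaz describes (and the "is Bitlocker enabled" monitor from the earlier post), as an added example that is not one of the linked Itarian scripts or anyone's posted code: it assumes the monitor raises an alert when the script exits non-zero, and that the built-in BitLocker module is available in an elevated session.

```powershell
# Added example (not an Itarian script): BitLocker compliance check for a custom
# script monitor. Assumes the monitor alerts when the script exits non-zero.
# Needs the built-in BitLocker module (Pro/Enterprise) and an elevated session.

$findings = @()

# TPM state is context for the report (BitLocker auto-enables only with a ready TPM).
$tpm = Get-Tpm -ErrorAction SilentlyContinue
$tpmReady = if ($tpm) { [bool]$tpm.TpmReady } else { $false }

# Scope: fixed drives with a drive letter; removable media are skipped on purpose.
$fixed = Get-Volume | Where-Object { $_.DriveType -eq 'Fixed' -and $_.DriveLetter }

foreach ($vol in $fixed) {
    $mount = "$($vol.DriveLetter):"
    $bl = Get-BitLockerVolume -MountPoint $mount -ErrorAction SilentlyContinue
    if (-not $bl) {
        $findings += "$mount : no BitLocker information (module missing or unsupported volume)"
        continue
    }

    # A volume counts as compliant only when encryption is complete, protection is
    # switched on (not suspended), and a recovery password protector exists.
    $hasRecovery = @($bl.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }).Count -gt 0
    $ok = ($bl.VolumeStatus -eq 'FullyEncrypted') -and
          ($bl.ProtectionStatus -eq 'On') -and
          $hasRecovery

    # Report state only; the recovery password itself is never written to monitor output.
    Write-Output ("{0} {1} status={2} protection={3} recoveryProtector={4} method={5}" -f
        $mount, $bl.VolumeType, $bl.VolumeStatus, $bl.ProtectionStatus, $hasRecovery, $bl.EncryptionMethod)

    if (-not $ok) {
        $findings += "$mount : $($bl.VolumeStatus), protection $($bl.ProtectionStatus), recovery protector $hasRecovery"
    }
}

Write-Output "TPM ready: $tpmReady"

if ($findings.Count -gt 0) {
    Write-Output "NON-COMPLIANT"
    $findings | ForEach-Object { Write-Output "  $_" }
    exit 1
}

Write-Output "COMPLIANT"
exit 0
```

A suspended volume (protection Off while still FullyEncrypted) is flagged as non-compliant, which matches the "turned off for whatever reason" case the monitor in the earlier post is meant to catch.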

Sure. I understand something crude could be put together with monitors and procedures, but that just seems kind of janky. Lots of moving parts and room for human error.

Even if it wasn't Itarian where this feature got into, I could see it being a legitimate request for Comodo Security, to have some sort of bitlocker management that could then be configured via Itarian RMM machine profile. Competing products like Eset and Bitdefender offer FDE by managing Bitlocker on machines. Both can be managed via cloud portal.

Disk encryption like this is something we want better, if you have ideas I’m more than happy to discuss