Overview
If a device is encrypted with BitLocker but CloudRadial is not showing it as encrypted, the issue is typically related to how the CloudRadial agent reads the encryption state. The agent checks two specific values - the protection status and whether an encryption key is present - rather than just the raw encryption state of the disk.
Symptoms
- Device shows as "not encrypted" in CloudRadial even though BitLocker is enabled
- Encryption policy shows as failing for an endpoint that has BitLocker active
- Discrepancy between what Windows reports and what CloudRadial displays
Cause
The CloudRadial agent determines encryption status by checking two conditions:
- Protection status - BitLocker protection must be set to "On" (not suspended or off)
- Key presence - A BitLocker recovery key must be generated and present
A drive can be encrypted but still show as unprotected in CloudRadial if the protection status is suspended, or if no recovery key has been generated.
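To see which of the two conditions a device fails, the following PowerShell reads both values locally with Get-BitLockerVolume. It is an added example, not CloudRadial's agent code. It assumes that "key present" corresponds to a RecoveryPassword key protector, and the function name Test-BitLockerConditions is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: reports the two conditions described above for one volume.
# Assumption: "key present" is approximated as at least one RecoveryPassword
# key protector; the agent's exact check is not documented on this page.

function Test-BitLockerConditions {
    param([string]$MountPoint = $env:SystemDrive)

    $vol = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop

    # Condition 1: protection must be "On" (a suspended volume reports "Off"
    # even though VolumeStatus can still be FullyEncrypted).
    $protectionOn = $vol.ProtectionStatus -eq 'On'

    # Condition 2: a recovery key protector must exist on the volume.
    $recovery = @($vol.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
    $keyPresent = $recovery.Count -gt 0

    $finding = if ($protectionOn -and $keyPresent) {
        'Both conditions met'
    } elseif (-not $protectionOn -and $vol.VolumeStatus -eq 'FullyEncrypted') {
        'Encrypted, but protection is suspended or off (see Resume-BitLocker)'
    } elseif (-not $protectionOn) {
        "Protection is off; volume status is $($vol.VolumeStatus)"
    } else {
        'Protection is on, but no recovery key protector exists (see Add-BitLockerKeyProtector)'
    }

    # Only protector IDs are returned; the recovery password itself is never output.
    [pscustomobject]@{
        MountPoint       = $vol.MountPoint
        VolumeStatus     = $vol.VolumeStatus
        ProtectionStatus = $vol.ProtectionStatus
        ProtectorTypes   = ($vol.KeyProtector.KeyProtectorType -join ', ')
        RecoveryKeyIds   = ($recovery.KeyProtectorId -join ', ')
        ProtectionOn     = $protectionOn
        KeyPresent       = $keyPresent
        Finding          = $finding
    }
}

Test-BitLockerConditions | Format-List
```

Run it from an elevated PowerShell session on the affected endpoint; pass `-MountPoint 'D:'` to check a volume other than the system drive.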
Prevention
- When deploying BitLocker via policy, ensure recovery keys are automatically backed up to Active Directory or Azure AD
- Avoid suspending BitLocker protection unless absolutely necessary, and always resume protection immediately after
If the protection status is "On" and a key is present but CloudRadial still shows the drive as not encrypted, please submit a support ticket.