question

0 Votes
usarif asked ·

Get AAD device connect encryption status PowerShell

Folks,
Just need a little example or help to find the status of encryption of AAD joined devices. I looked into PS 'Get-MsolDevice -All -ReturnRegisteredOwners' OR Get-AzureADDevice but none of them is giving me status on encryption... Is there any example I can see to find out...

thanks in advance...

azure-active-directory

1 Answer

2 Votes
vipulsparsh-MSFT answered ·

Thanks for reaching out @usarif. As I understand from your question, you want to find the encryption status of AAD Joined devices by using PowerShell.

Assuming you are using Intune to push the encryption policies down to devices, that information is stored with the Intune service and can be queried via the Intune PowerShell module, which you can download from:
https://github.com/microsoft/Intune-PowerShell-SDK

I ran it in my lab to find the status and it does show an attribute "isEncrypted" which might be useful for you.

Here is a snippet :

7526-in-pwrshl.jpg



Hope this helps.

Do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as "Answer" if the above response helped in answering your query.



Hi, good to know this cmdlet... No, I am trying to implement Intune but there is no policy applied yet. As soon as it is joined to AAD, it encrypts the device and puts the key in AAD. I was looking for an AAD cmdlet to find it...


0 Votes 0 ·

@usarif, the behavior for automatically encrypting a device when AAD joined is controlled by the Intune service internally. Can you give those Intune commands a try and let us know if that doesn't work? As the Azure PowerShell module does not have that isEncrypted parameter, it falls under the Intune modules.


If the above still does not work, I would like to take a look at your environment once to get a better understanding of this. It would be great if you can share the following details to this email id: azcommunity[at]microsoft[dot]com


Details to be shared:


Tenant ID/Tenant Name:


UPN :


Device ID :


Preferred time to schedule a call on Teams:


Do share this information in the email and also do not forget to share the reference of this thread so that it's easier for me to figure out and help you further.


0 Votes 0 ·

I have sent you an email to azcommunity... Running on another UPN didn't give me any output...


0 Votes 0 ·

Thanks for sending the additional information @usarif. If the device is not Intune enrolled then you would not be able to find the isEncrypted parameter with the modules.

Just as an FYI, if your end goal is close to finding BitLocker recovery keys for the AAD Joined devices, you can try this 3rd party website which talks about how to do it.

https://pwsh.nl/2018/10/26/retrieving-bitlocker-keys-from-azure-ad-with-powershell/

Disclaimer: This response contains a reference to a third-party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites; therefore, Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Microsoft cautions you to make sure that you completely understand the risk before retrieving any software from the Internet.




0 Votes 0 ·

@usarif Just wanted to follow up with you to check if the above response helped you. If it did, please do not forget to accept the response as Answer; if the above response helped in answering your query.


0 Votes 0 ·

It is amazing using 3rd party to retrieve the Azure key... Don't you think MS needs to straighten this up for administrators?


0 Votes 0 ·
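The thread's two points (the "isEncrypted" attribute comes from the Intune module, and devices that are not Intune enrolled have no such value) can be combined into one report, shown here as an added example that is not part of the original thread. The function name `Get-DeviceEncryptionReport` and the sample devices are hypothetical and constructed; the commented lines show the live queries with the AzureAD and Intune PowerShell SDK modules.

```powershell
# Added example: joins AAD-joined devices with Intune managed-device records
# and reports encryption status, marking non-enrolled devices as unknown.
function Get-DeviceEncryptionReport {
    param(
        [Parameter(Mandatory)] [object[]] $AadDevices,      # shaped like Get-AzureADDevice output
        [Parameter(Mandatory)] [AllowEmptyCollection()]
        [object[]] $ManagedDevices                          # shaped like Get-IntuneManagedDevice output
    )
    # Index Intune records by the Azure AD device ID each one carries.
    $byAadId = @{}
    foreach ($m in $ManagedDevices) {
        if ($m.azureADDeviceId) { $byAadId[[string]$m.azureADDeviceId] = $m }
    }
    foreach ($d in $AadDevices) {
        $m = $byAadId[[string]$d.DeviceId]
        if (-not $m) {
            $status = 'Unknown (not Intune enrolled)'
        } elseif ($m.isEncrypted) {
            $status = 'Encrypted'
        } else {
            $status = 'NotEncrypted'
        }
        $lastSync = $null
        if ($m) { $lastSync = $m.lastSyncDateTime }
        [pscustomobject]@{
            DisplayName = $d.DisplayName
            DeviceId    = $d.DeviceId
            Status      = $status
            LastSync    = $lastSync
        }
    }
}

# Live data (requires both modules and a signed-in session):
#   Connect-AzureAD; Connect-MSGraph
#   $aad    = Get-AzureADDevice -All $true | Where-Object DeviceTrustType -eq 'AzureAd'
#   $intune = Get-IntuneManagedDevice | Get-MSGraphAllPages

# Constructed sample data so the report runs offline.
$aad = @(
    [pscustomobject]@{ DisplayName = 'LAB-PC-01'; DeviceId = '00000000-0000-0000-0000-000000000001' }
    [pscustomobject]@{ DisplayName = 'LAB-PC-02'; DeviceId = '00000000-0000-0000-0000-000000000002' }
    [pscustomobject]@{ DisplayName = 'LAB-PC-03'; DeviceId = '00000000-0000-0000-0000-000000000003' }
)
$intune = @(
    [pscustomobject]@{ azureADDeviceId = '00000000-0000-0000-0000-000000000001'; isEncrypted = $true;  lastSyncDateTime = [datetime]'2020-04-01' }
    [pscustomobject]@{ azureADDeviceId = '00000000-0000-0000-0000-000000000002'; isEncrypted = $false; lastSyncDateTime = [datetime]'2020-04-02' }
)
Get-DeviceEncryptionReport -AadDevices $aad -ManagedDevices $intune | Format-Table -AutoSize
```

Rows with status "Unknown (not Intune enrolled)" are the case the asker hit: the device is AAD joined, but Intune holds no record to read "isEncrypted" from.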