Folks, Just need little example or help to find status of encryption of AAD joined devices. I looked into PS 'Get-MsolDevice -All -ReturnRegisteredOwners' OR Get-AzureADDevice but none of them giving me status on encyrption ....is there any example i can see to find out... thanks in advance...

Thanks for reaching out @Arif Usman , as I understand from your question, you want to find the encryption status of an AAD Joined devices by using powershell. Assuming you are using Intune to push the encryption policies down to devices, that information is stored with Intune service and can be queried via Intune Powershell module which you download from : https://github.com/microsoft/Intune-PowerShell-SDK I ran it in my lab to find the status and it does show an attribute "isEncrypted" which might be useful for you. Here is a snippet : Hope this helps. Do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as "Answer" if the above response helped in answering your query.

Get AAD device connect encryption status PowerShell

Accepted answer

VipulSparsh-MSFT 16,231 Reputation points Microsoft Employee

2020-04-21T06:25:55.227+00:00

Thanks for reaching out @Arif Usman , as I understand from your question, you want to find the encryption status of an AAD Joined devices by using powershell.

Assuming you are using Intune to push the encryption policies down to devices, that information is stored with Intune service and can be queried via Intune Powershell module which you download from :
https://github.com/microsoft/Intune-PowerShell-SDK

I ran it in my lab to find the status and it does show an attribute "isEncrypted" which might be useful for you.

Here is a snippet :

Hope this helps.

Do let us know if this helps and if there are any more queries around this, please do let us know so that we can help you further. Also, please do not forget to accept the response as "Answer" if the above response helped in answering your query.
Please sign in to rate this answer.

2 people found this answer helpful.
Arif Usman 421 Reputation points

2020-04-21T15:14:34.557+00:00

hi, good to know this cmdlet... No i am trying to implement intune but there is no policy applied yet. As soon it joined to AAD, it encrypts the device and put key in AAD. I was looking for AAD cmdlet to fine it...

VipulSparsh-MSFT 16,231 Reputation points Microsoft Employee

2020-04-21T15:57:22.953+00:00

@usarif , The behavior for automatically encrypting a device when AAD joined is controlled by Intune Service internally. Can you give those Intune commands a try and let us know if that don't work. As Azure powershell module does not has that isEncrypted parameter it falls under the Intune Modules.

If the above still does not work, I would like to take a look at your environment once to get a better understanding on this. it would be great if you can share the following details to this email id: azcommunity[at]microsoft[dot]com

Details to be shared:

Tenant ID/Tenant Name:

UPN :

Device ID :

Preferred time to schedule a call on Teams:

Do share these information in the email and also do not forget to share the reference of this thread so that its easier for me to figure out and help you further.

Arif Usman 421 Reputation points

2020-04-21T18:18:23.047+00:00

i have send you an emailt to azcommunity....running on other upn, didn't give me any output...

VipulSparsh-MSFT 16,231 Reputation points Microsoft Employee

2020-04-23T08:56:06.303+00:00

Thanks for sending the additonal information @Arif Usman , if the device is not Intune Enrolled then you would not be able to find the isEncrypted parameter with the modules.

Just as a FYI, if your endgoal is close to finding Bitlocker recovery keys for the AAD Joined devices, you can try this 3rd party websites which talks about how to do it.

https://pwsh.nl/2018/10/26/retrieving-bitlocker-keys-from-azure-ad-with-powershell/

Disclaimer: This response contains a reference to a third-party World Wide Web site. Microsoft is providing this information as a convenience to you. Microsoft does not control these sites and has not tested any software or information found on these sites; therefore, Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there.Microsoft cautions you to make sure that you completely understand the risk before retrieving any software from the Internet

VipulSparsh-MSFT 16,231 Reputation points Microsoft Employee

2020-04-24T15:20:15.03+00:00

@usarif Just wanted to follow up with you to check if the above response helped you. If it did, please do not forget to accept the response as Answer; if the above response helped in answering your query.

Arif Usman 421 Reputation points

2020-05-10T23:12:23.457+00:00

it is amazing using 3rd party to retrieve azure key...Don't you think MS needs to straight up these for administrator?

Arif Usman 421 Reputation points

2020-05-10T23:31:20.487+00:00

Plus, i tried link listed above. Function doesn't work as people listed under comment mentioned.

VipulSparsh-MSFT 16,231 Reputation points Microsoft Employee

2020-05-11T15:24:59.327+00:00

@usarif Microsoft does take feedback to add features and services you need on basis of votes on Azure Feedback forum.

You can find your most related feature here and can upvote it. As the PG monitors it closely and any request with high votes gets high chances for being GA. Thanks
Sign in to comment

Get AAD device connect encryption status PowerShell

0 additional answers