Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 5 replies
  • Answers 1 answer
  • Subscribers 10 subscribers
  • Views 1401 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Query to know if a user with Central device encryption has configured his password

Migue

Query to know if a user with Central device encryption has configured his password.

I need your help if someone knows how to obtain that information through XDR by a query, we need to know how many computers do not have the password configured in bitlocker.

I have executed the bitlocker info query but it does not show the information. Thanks a lot



This thread was automatically locked due to age.
Parents
  • 0

    Hi Miguel,

    Thanks for reaching out to the Community Forum.

    I was able to locate the following Live Discover query which gives lots of information on Bitlocker.
    - BitLocker Status

    Regarding your question, are you asking about the initial prompt presented by CDE where an end-user is required to enter their account password to begin the encryption process or is this regarding the "Require startup authentication" option?

  • 0 in reply to Qoosh

    Hello Kushal, I hope you are well
    Is there a way to identify the users who do have the PIN set when the laptop is turned on?

Reply Children
  • 0 in reply to Migue

    The information you are looking for does not appear to be recorded into the Data Lake. 

    An alternative would be to run the following powershell command. You can do this using a "Live Discover" session after entering "PowerShell " in the prompt. 
    Get-WinEvent -FilterHashtable @{logname="Microsoft-Windows-BitLocker/BitLocker Management";id="789"}  

     The event ID 789 corresponds with the bitlocker pin change.  

Unfiltered HTML
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?