I have a compliance settings configured to check whether the C drive on our laptops is bitlocker encrypted, based on a WQL query of Win32_EncryptableVolume in the root\cimv2\security\MicrosoftVolumeEncryption namespace. I'd like to be able to add a check for the Encryption Method as well (should be AES 256), but that wmi object doesn't seem to include this info.
Anyone know how I could create a compliance setting to check the encryption method?
