What is the difference between Drive Encryption Volume status report and DE disk status report? I've notice that these reports have same data but different results.
So which one should I use when reporting on the number of machines with DE installed?
A disk can have more than one volume (or partitions). With software encryption each partition is tracked individually and the disk is marked as either encrypted, partially encrypted (one or more partition is not encrypted), or not encrypted.
OPAL disks will be listed in disks but not in volumes as the entire disk is encrypted rather than individual partitions. These disks will either be encrypted or not encrypted.
These queries are very useful but not for determining the number of systems that are active / encrypted as systems can have multiple disks and partitions.
The "DE: Encryption Provider" query is likely what you are looking for which will show inactive systems, systems activated using software encryption, and systems activated with OPAL encryption.