Am new to DE. We are working to automatically move systems using a sorting criteria(TAG) to a group which has DE task enabled. Before i proceed i took the list of all Laptops from manged system query and then a list of all Laptops from "Drive encryption-disk status" query. this gives variation in total count.
Say i have total managed laptops - 750
total laptops from drive encryption query is only 650 ( what does this difference 100 machines mean ? are they not encrypted or does not have DE policy ?)
also among this 750 when i checked for system(state) i could see below Data.
What does these status mean ? kindly someone explain me each status and its role in DE.
The Drive Encryption product settings policy has a "Enabled" checkbox. This box determines whether the system is in an 'active' or 'inactive' state based on whether it is checked or not.
Active = The system has completed policy enforcement and currently has a policy set to enabled (checked). An active system can be encrypted or decrypted depending on policy settings.
Inactive = The system has completed policy enforcement and currently has a policy set to disabled (unchecked). This also means the system is decrypted.
unknown = Either MDE is not installed on the system or it is installed and policy enforcement has not yet completed.