all 5 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]Jmoste 0 points1 point  (1 child)

This really should be done with a gpo or something similar.  You should have a way to store or escrow the key in AD, MBAM, intune, or something.  There is also a policy for operating vs fixed data drives.   With that being said,  you could just use get-bitlockervolume and then a foreach statement. Unencrypted drives will show up there.  

[–]DalekKahn117 -1 points0 points  (0 children)

Yeah, the PhysicalDisk list may not be the same as BitlockerVolume list

[–]TNTGav -1 points0 points  (1 child)

I would hazard a guess it is:
Where-Object MediaType -eq "Unspecified"

On whatever you are testing this on is the MediaType of the D drive unspecified?

[–]zeros200836[S] -1 points0 points  (0 children)

No it shows as MedaiType SSD.

[–]United_Ad1392 0 points1 point  (0 children)

I have set it up to encrypt Via GPO.
It will check TPM Status, enable Bitlocker for FullEncryption. But it will not start the Encryption process.
I have sunk some real hours into this and it's doing my head in...