I have not been able to locate a document or instructions on how to set up a PC check that will report if BitLocker is NOT installed and functioning.
So far I have found that the only way to guarantee BitLocker is initialized/running is to execute "manage-bde -status" on the local system and identify the Protection Status (and other good info).
This can be simplified with a WMI query:
ProtectionStatus: 1 or a ProtectionStatus: 2 output would be acceptable and means the drive is encrypted and either in a logged in state or logged out state.
So the root of the question is: How can I use Qualys to do this check for me on all my Windows OSes and report back which ones do not have a ProtectionStatus: 1 or a ProtectionStatus: 2?
I have not found a CID or a QID for this check.
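
An added example, not part of the original post and not a Qualys feature: a local PowerShell check that queries the `Win32_EncryptableVolume` WMI class and flags any volume whose ProtectionStatus is not 1 or 2, the acceptance values given in the post. The report columns and exit codes are assumptions chosen for illustration, and the script must run elevated.

```powershell
# Added example: report volumes whose BitLocker ProtectionStatus is not acceptable.
# Microsoft documents ProtectionStatus as 0 = off, 1 = on, 2 = unknown.
$ns         = 'root\cimv2\Security\MicrosoftVolumeEncryption'
$acceptable = 1, 2   # acceptance values taken from the post above

function New-Finding($Drive, $Status, $Compliant, $Detail) {
    # Hypothetical report row; the column names are illustrative.
    [pscustomobject]@{
        Computer         = $env:COMPUTERNAME
        Drive            = $Drive
        ProtectionStatus = $Status
        Compliant        = $Compliant
        Detail           = $Detail
    }
}

try {
    # Fails if the BitLocker WMI provider is absent or the session is not elevated.
    $volumes = @(Get-CimInstance -Namespace $ns -ClassName Win32_EncryptableVolume -ErrorAction Stop)
}
catch {
    # BitLocker state cannot be confirmed, so the host is reported as failing.
    New-Finding $null $null $false "Query failed: $($_.Exception.Message)"
    exit 2
}

if ($volumes.Count -eq 0) {
    # Provider answered but listed no encryptable volumes: also a failure.
    New-Finding $null $null $false 'No encryptable volumes returned'
    exit 2
}

$report = foreach ($v in $volumes) {
    $ok = $v.ProtectionStatus -in $acceptable
    New-Finding $v.DriveLetter $v.ProtectionStatus $ok $v.DeviceID
}

# Emit one row per volume, then signal the overall result through the exit code.
$report | Format-Table -AutoSize
if ($report.Compliant -contains $false) { exit 1 } else { exit 0 }
```

Exit code 0 means every volume reported 1 or 2, 1 means at least one volume did not, and 2 means the BitLocker state could not be read at all.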