When joining a Windows 10 device to Azure AD which supports “InstantGo” or “Connected standby” e.g. Surface. Microsoft Automatically enables bitlocker.

For all other devices you need to manually enable bitlocker on your drive.

As an IT admin you can create a Compliance Policy that checks if Bitlocker has been enabled. Here is how:

  1. Log in to http://manage.microsoft.com
  2. Click Policies and Compliance Policy
  3. Click Add
  4. Name: Bitlocker Check
  5. Description: Checks if bitlocker is enabled
  6. Under device health enable Windows Device Health Attestation.
  7. Deploy the policy to your target users or groups
  8. Check for compliance.