Handle null case in datastore method to get host disk encryption stat…

…us (#17541)

changes/issue-17476-get-bitlocker-status

@@ -0,0 +1,2 @@
+- Fixed issue where getting host details failed when attempting to read the host's bitlocker status
+  from the datastore.

server/datastore/mysql/microsoft_mdm.go

@@ -666,6 +666,7 @@ SELECT
 		WHEN (%s) THEN '%s'
 		WHEN (%s) THEN '%s'
 		WHEN (%s) THEN '%s'
+		ELSE ''
 	END AS status,
 	COALESCE(client_error, '') as detail
 FROM
@@ -698,6 +699,12 @@ WHERE
 		dest.Status = fleet.DiskEncryptionEnforcing
 	}
 
+	if dest.Status == "" {
+		// If we have no status, we treat it as enforcing since we know disk encryption is enabled and log for potential debugging
+		level.Debug(ds.logger).Log("msg", "no bitlocker status found for host", "host_id", host.ID)
+		dest.Status = fleet.DiskEncryptionEnforcing
+	}
+
 	return &fleet.HostMDMDiskEncryption{
 		Status: &dest.Status,
 		Detail: dest.Detail,

server/service/integration_mdm_test.go

@@ -12483,3 +12483,23 @@ func (s *integrationMDMTestSuite) TestMDMDiskEncryptionIssue16636() {
 	assert.False(t, acResp.MDM.EnableDiskEncryption.Value)
 	s.assertConfigProfilesByIdentifier(nil, mobileconfig.FleetFileVaultPayloadIdentifier, false)
 }
+
+func (s *integrationMDMTestSuite) TestIsServerBitlockerStatus() {
+	t := s.T()
+	ctx := context.Background()
+
+	// create a server host that is not enrolled in MDM
+	host := createOrbitEnrolledHost(t, "windows", "server-host", s.ds)
+	require.NoError(t, s.ds.SetOrUpdateMDMData(ctx, host.ID, true, false, "", false, "", ""))
+
+	acResp := appConfigResponse{}
+	s.DoJSON("PATCH", "/api/latest/fleet/config", json.RawMessage(`{
+		"mdm": { "enable_disk_encryption": true }
+  }`), http.StatusOK, &acResp)
+	assert.True(t, acResp.MDM.EnableDiskEncryption.Value)
+
+	var hr getHostResponse
+	s.DoJSON("GET", fmt.Sprintf("/api/latest/fleet/hosts/%d", host.ID), nil, http.StatusOK, &hr)
+
+	require.Equal(t, fleet.DiskEncryptionEnforcing, *hr.Host.MDM.OSSettings.DiskEncryption.Status)
+}