When a drive is in suspend protection mode, it's only encrypted, not protected. To check if a drive is in suspend protection, go to the Endpoint Central web console, navigate to BitLocker management, find the computer under Managed Computers, and verify if the Protection Status is "Disabled".