Examples of scheduled and on-demand volume encryption suspension are described. A management service can identify multi-volume encryption rules for local volumes of a client device including the operating system volume as well as non-operating-system volumes. The encryption rules can be transmitted to the client device. Volume encryption samples for the client device can be received, and a console user interface can be generated to indicate compliance status information for the multi-volume encryption rules for local volumes of a client device.