Bitlocker Compliance Dashboard
This tool scans Active Directory, MBAM, and ConfigMgr for compliance information about BitLocker. Scans can be filtered based on Domain and OU.
Where the tool is located
In the Assets and Compliance section of ConfigMgr, click on Bitlocker Compliance under the Recast Software Node.
Results in the left pane show computers sorted by where keys are stored: missing keys altogether, keys stored just in AD, just in MBAM, or in both AD and MBAM. Results in the right pane show MBAM compliance, which will be unique to each organization, depending on what Group Policy settings are associated with MBAM Compliance.
Both charts are interactive. Clicking any portion of a pie chart populates the bottom section of the dashboard with the list of devices associated with that portion.
Results can be exported to CSV (via the button at the bottom right of the page).
Bitlocker Compliance Dashboard Actionable Results
- As with all of the RCT Security and Compliance Dashboards, these results are actionable with Right Click Tools (and support multi-select):
The Bitlocker Compliance Dashboard requires the following permissions:
Requires the Query AD permission in the Active Directory plugin. Additionally, it requires the Add or Remove Account from Group permission in the Active Directory plugin if you want to use the Add New Direct Group or Remove from Group features of the tool.
The BitLocker Compliance dashboard requires read rights to the Active Directory OUs, and the computer objects they contain, for the specific domain. For the left pie chart, it also needs read rights to the leaf/nested objects of AD computer objects that contain BitLocker recovery keys, as well as read permissions to the MBAM Recovery and Hardware database. The right pie chart requires read rights to the MBAM Compliance Status database.
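One way to check the AD read rights described above before relying on the left pie chart, as an added example that is not Recast Software's code. It assumes the RSAT ActiveDirectory module is installed; the function name `Get-AdBitLockerKeyPresence` and the OU path are hypothetical.

```powershell
# Added example, not part of Right Click Tools.
Import-Module ActiveDirectory -ErrorAction Stop

function Get-AdBitLockerKeyPresence {
    [CmdletBinding()]
    param(
        # Distinguished name of the OU to scan.
        [Parameter(Mandatory)] [string] $SearchBase,
        # Optional domain controller to query.
        [string] $Server
    )

    $common = @{}
    if ($Server) { $common.Server = $Server }

    Get-ADComputer -Filter * -SearchBase $SearchBase @common | ForEach-Object {
        $computer = $_
        # BitLocker recovery information is stored as child objects of the
        # computer object. Only the objects are requested here, never the
        # msFVE-RecoveryPassword attribute.
        $query = @{
            Filter      = "objectClass -eq 'msFVE-RecoveryInformation'"
            SearchBase  = $computer.DistinguishedName
            SearchScope = 'OneLevel'
            ErrorAction = 'Stop'
        } + $common
        try {
            $keys = @(Get-ADObject @query)
            # Zero visible objects can mean no key is escrowed, or that the
            # account cannot read these child objects; AD omits them silently.
            $status = if ($keys.Count -gt 0) { 'KeyInAD' } else { 'NoKeyVisible' }
        }
        catch {
            $keys = @()
            $status = "QueryFailed: $($_.Exception.Message)"
        }
        [pscustomobject]@{
            Computer   = $computer.Name
            KeyObjects = $keys.Count
            Status     = $status
        }
    }
}

# Constructed OU path; replace with one from your own domain.
$results = Get-AdBitLockerKeyPresence -SearchBase 'OU=Workstations,DC=example,DC=com'
$results | Group-Object Status | Select-Object Name, Count
```

Run it under the account whose rights you want to verify. If every computer in an OU known to escrow keys comes back as `NoKeyVisible`, check the read permissions on the child objects before treating the devices as missing keys.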