The BitLocker Compliance dashboard scans Active Directory, MBAM, and ConfigMgr for BitLocker compliance information. Scans can be filtered by Domain, OU, and Collection. The dashboard pulls information from the ConfigMgr SQL database, MBAM, and/or Active Directory, depending on your BitLocker configuration.
As with all Right Click Tools Security and Compliance dashboards, the displayed results are actionable with Right Click Tools (and support multi-select).
For a video walkthrough, see BitLocker Compliance Dashboard on YouTube.
Common Use Cases
- Identifying computers without stored recovery keys
- Identifying computers with no encryption or incorrect encryption
- Monitoring recovery key location changes during a migration
Run a BitLocker Scan
To scan devices for BitLocker compliance:
1. In your Configuration Manager console, navigate to Assets and Compliance > Recast Software > BitLocker Compliance.
2. Choose filtering options:
- If your BitLocker keys are stored in Active Directory or a standalone MBAM instance, choose Search By AD OU.
- If your BitLocker keys are stored in Configuration Manager BitLocker, choose Search By Collection.
3. Click Scan.
Create a Snapshot or Trend
A dashboard snapshot lets you capture the state of your system at a single point in time. This functionality is available on the BitLocker Web Dashboard. You can view BitLocker compliance over a set period of time by creating a BitLocker Web Dashboard Trend.
BitLocker Compliance Charts
BitLocker Recovery Key Storage: Displays computers according to where keys are stored (AD, MBAM, ConfigMgr). Also displays computers without stored keys.
Unified Compliance: Displays unified MBAM and ConfigMgr BitLocker compliance, which will be unique to each organization. Computers marked as Non-Compliant are not compliant in both MBAM and Configuration Manager BitLocker.
Click on a segment of the chart or legend to view details in the bottom section.
Results can be downloaded by clicking Export to CSV at the bottom right of the page.
You can run Right Click Tools actions for single or multi-selected devices.
Tools commonly run against this dashboard:
No additional permissions required.
- Read rights to Active Directory OUs and the computer objects they contain, for the specific domain
- Read rights to the leaf/nested objects of AD computer objects that contain BitLocker recovery keys
- Read permissions to the MBAM Recovery and Hardware database
- Read rights to the MBAM Compliance Status database
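The AD read rights listed above can be checked independently of the dashboard. The following PowerShell is an added example, not part of Right Click Tools or its documentation: it lists computers in an OU that have no BitLocker recovery information objects (class msFVE-RecoveryInformation) visible to the account running it. It assumes the RSAT ActiveDirectory module; the function name and the OU path are hypothetical placeholders.

```powershell
# Added example (not Recast code). Assumes the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

function Get-BitLockerKeyEscrowStatus {
    [CmdletBinding()]
    param(
        # Placeholder OU; replace with the OU you would pick in Search By AD OU.
        [Parameter(Mandatory)]
        [string]$SearchBase
    )

    Get-ADComputer -SearchBase $SearchBase -Filter * -Properties OperatingSystem |
        ForEach-Object {
            # Recovery information is stored as child objects of the computer
            # object. Only whenCreated is requested, so the recovery password
            # attribute itself is never retrieved.
            $query = @{
                SearchBase  = $_.DistinguishedName
                SearchScope = 'OneLevel'
                Filter      = 'objectClass -eq "msFVE-RecoveryInformation"'
                Properties  = 'whenCreated'
            }
            $keys = @(Get-ADObject @query)

            $newest = $keys |
                Sort-Object whenCreated -Descending |
                Select-Object -First 1

            [pscustomobject]@{
                Computer        = $_.Name
                OperatingSystem = $_.OperatingSystem
                KeyCount        = $keys.Count
                NewestKey       = if ($newest) { $newest.whenCreated } else { $null }
                HasKeyInAD      = $keys.Count -gt 0
            }
        }
}

# Computers in the (placeholder) OU with no recovery information visible in AD.
Get-BitLockerKeyEscrowStatus -SearchBase 'OU=Workstations,DC=example,DC=com' |
    Where-Object { -not $_.HasKeyInAD } |
    Sort-Object Computer |
    Format-Table Computer, OperatingSystem, KeyCount
```

A count of zero for a computer known to have an escrowed key can indicate that the account lacks read rights to the nested objects rather than that the key is missing.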