Bitlocker Compliance Dashboard


BitLocker Compliance Dashboard

This tool scans Active Directory, MBAM, and ConfigMgr for compliance information about BitLocker. Scans can be filtered based on Domain, OU, and Collection.

How Information is Collected

Information can be pulled from ConfigMgr SQL database, MBAM, and/or Active Directory, depending on your BitLocker configuration.

Where the tool is located

In the Assets and Compliance section of ConfigMgr, click on BitLocker Compliance under the Recast Software Node.

Bitlocker Compliance Location

Results in the left pane show computers sorted by where keys are stored based on the legend of the chart. Results in the right pane show unified MBAM and ConfigMgr BitLocker compliance, which will be unique to each organization.

Both charts are interactive, any portion of the pie chart that is clicked will populate the list of devices associated with that section in the bottom section of the dashboard.

Results can be exported to CSV (via the button at the bottom right of the page).

BitLocker Compliance Tool screenshot

BitLocker Compliance Dashboard Actionable Results

  • As with all of the RCT Security and Compliance Dashboards, these results are actionable with Right Click Tools (and support multi-select):


BitLocker Security Tools screenshot

Recast Permissions

Microsoft Permissions

The BitLocker Compliance dashboard requires read rights to Active Directory OUs and their computer objects contained within for the specific domain. For the left pie chart, it will also need read rights to AD computer object leaf/nested objects which contain BitLocker recovery keys as well as read permissions to the MBAM Recover and Hardware Database. The right pie chart requires read rights to the MBAM Compliance Status database.