BitLocker Compliance Dashboard

The BitLocker Compliance dashboard scans Active Directory, MBAM, and ConfigMgr for BitLocker compliance information. Scans can be filtered by Domain, OU, and Collection. Depending on your BitLocker configuration, the dashboard pulls information from the ConfigMgr SQL database, MBAM, and/or Active Directory.

As with all Right Click Tools Security and Compliance dashboards, the displayed results are actionable with Right Click Tools (and support multi-select).

For a video walkthrough, see BitLocker Compliance Dashboard on YouTube.

Common Use Cases

  • Identifying computers without stored recovery keys
  • Identifying computers with no encryption or incorrect encryption
  • Monitoring recovery key location changes during a migration

Run a BitLocker Scan

To scan devices for BitLocker compliance:

1. In your Configuration Manager console, navigate to Assets and Compliance > Recast Software > BitLocker Compliance.

2. Choose filtering options:

  • If your BitLocker keys are stored in Active Directory or a standalone MBAM instance, choose to Search By AD OU.
  • If your BitLocker keys are stored in Configuration Manager BitLocker, choose to Search By Collection.

3. Click Scan.

BitLocker Compliance Charts

BitLocker Recovery Key Storage: Displays computers according to where keys are stored (AD, MBAM, ConfigMgr). Also displays computers without stored keys.

Unified Compliance: Displays unified MBAM and ConfigMgr BitLocker compliance, which will be unique to each organization. Computers marked as NonCompliant are not compliant in both MBAM and Configuration Manager BitLocker.

Click on a segment of the chart or legend to view details in the bottom section.

Results can be downloaded by clicking Export to CSV at the bottom right of the page.

Actionable Results

You can run Right Click Tools actions for single or multi-selected devices.

Tools commonly run against this dashboard:

Recast Permissions

No additional permissions required.

Microsoft Permissions

  • Read rights to Active Directory OUs and the computer objects they contain for the specific domain
  • Read rights to AD computer object leaf/nested objects which contain BitLocker recovery keys
  • Read permissions to the MBAM Recovery and Hardware database
  • Read rights to the MBAM Compliance Status database