BitLocker Compliance Dashboard
This tool scans Active Directory, MBAM, and ConfigMgr for compliance information about BitLocker. Scans can be filtered based on Domain, OU, and Collection.
How Information is Collected
Information can be pulled from ConfigMgr SQL database, MBAM, and/or Active Directory, depending on your BitLocker configuration.
In the Assets and Compliance section of ConfigMgr, click on BitLocker Compliance under the Recast Software Node.
Results in the left pane show computers sorted by where keys are stored based on the legend of the chart. Results in the right pane show unified MBAM and ConfigMgr BitLocker compliance, which will be unique to each organization.
Both charts are interactive, any portion of the pie chart that is clicked will populate the list of devices associated with that section in the bottom section of the dashboard.
Results can be exported to CSV (via the button at the bottom right of the page).
- As with all of the RCT Security and Compliance Dashboards, these results are actionable with Right Click Tools (and support multi-select):
The BitLocker Compliance dashboard requires read rights to Active Directory OUs and their computer objects contained within for the specific domain. For the left pie chart, it will also need read rights to AD computer object leaf/nested objects which contain BitLocker recovery keys as well as read permissions to the MBAM Recover and Hardware Database. The right pie chart requires read rights to the MBAM Compliance Status database.