The BitLocker Web Dashboard scans Active Directory, Configuration Manager, and MBAM for BitLocker compliance information. This dashboard requires a service connection to each third-party product you want to scan (AD, ConfigMgr, MBAM).
Common Use Cases
- Identifying computers without stored recovery keys
- Identifying computers with no encryption or incorrect encryption
- Monitoring recovery key location changes during a migration
Run a BitLocker Scan
To scan devices for BitLocker compliance:
1. In your Recast Management Server, navigate to Dashboards > BitLocker.
2. On the BitLocker page, click Select Service Connections to choose service connections to include in the scan.
3. In the side panel that opens, select objects in Active Directory and Configuration Manager.
4. Ensure that at least one MBAM service connection is selected to run MBAM actions.
5. Click Save & Run Scan.
Edit Configuration Filters
After a scan runs, you can click Edit to change the service connections included in the scan.
Create a Snapshot
Take a snapshot of the dashboard to capture the state of your system at a single point in time.
To create a snapshot:
After a scan runs, click Create Snapshot.
Create a Trend
Schedule regular snapshots to view BitLocker compliance over a set period of time. See BitLocker Web Dashboard Trend.
BitLocker Charts
BitLocker Recovery Key Storage: Displays devices according to where recovery keys are stored (AD, ConfigMgr, MBAM). Also displays devices without stored keys.
Unified Compliance: Displays devices according to compliance in the ConfigMgr database, the MBAM database, or both.
Click on a segment of the chart or legend to view details in the table.
NOTE: Devices may be non-compliant due to a lack of encryption or because they were encrypted using the wrong method.
BitLocker Tabs
Tabbed views offer additional information about the devices in each category. There are also options to Export to CSV and to Expand to Full Screen.
Actionable Results
Right Click Tools actions commonly run against results in this dashboard:
- Remote Windows Security
- ConfigMgr BitLocker Recovery Keys
- AD BitLocker Recovery Keys
- MBAM BitLocker Recovery Keys
Microsoft Permissions for the Proxy Service Account
Requires read rights to the following:
- Active Directory OUs and the computer objects contained within them for the specific domain
- AD computer object leaf/nested objects which contain BitLocker recovery keys
- MBAM Recovery and Hardware database
- MBAM Compliance Status database