The BitLocker Web Dashboard scans Active Directory, MBAM, and ConfigMgr for BitLocker compliance information.
Common Use Cases
- Identifying computers without stored recovery keys
- Identifying computers with no encryption or incorrect encryption
- Monitoring recovery key location changes during a migration
Run a BitLocker Scan
To scan devices for BitLocker compliance:
1. In your Recast Management Server, navigate to Dashboards > BitLocker.
2. On the BitLocker page, select an existing domain or site, or click Add to create a new service connection.
3. Click the Scan icon.
Create a Snapshot
To create a snapshot of the scan results, click the Snapshot icon.
Create a Trend
View BitLocker compliance over a set period of time by creating a BitLocker Web Dashboard Trend.
BitLocker Charts
Left-hand chart: Displays devices according to where recovery keys are stored (AD, MBAM, ConfigMgr). Also displays devices without stored keys.
Center chart: Percentage of devices listed as compliant or non-compliant in the MBAM database.
Right-hand chart: Percentage of devices listed as compliant or non-compliant in the ConfigMgr database.
NOTE: Devices may be non-compliant due to a lack of encryption or because they were encrypted using the wrong method.
Actionable Results
You can run Right Click Tools actions for single or multi-selected devices.
Actions commonly run against this dashboard:
Microsoft Permissions for the Proxy Service Account
- Requires read rights to Active Directory OUs and the computer objects contained within them for the specific domain.
- Requires read rights to AD computer object leaf/nested objects which contain BitLocker recovery keys.
- Requires read rights to the MBAM Recovery and Hardware database.
- Requires read rights to the MBAM Compliance Status database.