BitLocker Web Dashboard

The BitLocker Web Dashboard scans Active Directory, MBAM, and ConfigMgr for BitLocker compliance information.

Common Use Cases

  • Identifying computers without stored recovery keys
  • Identifying computers with no encryption or incorrect encryption
  • Monitoring recovery key location changes during a migration

Run a BitLocker Scan

To scan devices for BitLocker compliance:

1. In your Recast Management Server, navigate to Dashboards > BitLocker.

2. On the BitLocker page, select an existing domain or site, or click Add to create a new service connection.

3. Click the Scan icon. Start Scan Button

Create a Snapshot

To create a snapshot of the scan results, click the Snapshot icon.Create Snapshot Button

Create a Trend

View BitLocker compliance over a set period of time by creating a BitLocker Web Dashboard Trend.

BitLocker Charts

Left-hand chart: Displays devices according to where recovery keys are stored (AD, MBAM, ConfigMgr). Also displays devices without stored keys.

Center chart: Percentage of devices listed as compliant or non-compliant in the MBAM database.

Right-hand chart: Percentage of devices listed as compliant or non-compliant in the ConfigMgr database.

NOTE: Devices may be non-compliant due to a lack of encryption or because they were encrypted using the wrong method.

Actionable Results

You can run Right Click Tools actions for single or multi-selected devices.

Actions commonly run against this dashboard:

Microsoft Permissions for the Proxy Service Account

  • Requires read rights to Active Directory OUs and the computer objects contained within them for the specific domain.
  • Requires read rights to AD computer object leaf/nested objects which contain BitLocker recovery keys.
  • Requires read rights to the MBAM Recovery and Hardware database. 
  • Requires read rights to the MBAM Compliance Status database.