The BitLocker Web Dashboard scans Active Directory, Configuration Manager, and MBAM for BitLocker compliance information.
Common Use Cases
- Identifying computers without stored recovery keys
- Identifying computers with no encryption or incorrect encryption
- Monitoring recovery key location changes during a migration
Run a BitLocker Scan
To scan devices for BitLocker compliance:
1. In your Recast Management Server, navigate to Dashboards > BitLocker.
2. On the BitLocker page, click Select Service Connections to choose service connections to include in the scan.
3. In the side panel that opens, select objects in Active Directory and Configuration Manager.
4. Ensure that at least one MBAM service connection is selected to run MBAM actions.
5. Click Save & Run Scan.
Edit Configuration Filters
After a scan runs, you can click Edit to change the service connections included in the scan.
Create a Snapshot
Take a snapshot of the dashboard to capture the state of your system at a single point in time.
To create a snapshot:
After a scan runs, click Create Snapshot.
Create a Trend
Schedule regular snapshots to view BitLocker compliance over a set period of time. See BitLocker Web Dashboard Trend.
BitLocker Recovery Key Storage: Displays devices according to where recovery keys are stored (AD, MBAM, ConfigMgr). Also displays devices without stored keys.
Unified Compliance: Displays devices according to compliance in the ConfigMgr database, the MBAM database, or both.
Click on a segment of the chart or legend to view details in the table.
NOTE: Devices may be non-compliant due to a lack of encryption or because they were encrypted using the wrong method.
Tabbed views offer additional information about the devices in each category. There are also options to Export to CSV and to Expand to Full Screen.
Right Click Tools actions commonly run against results in this dashboard:
Microsoft Permissions for the Proxy Service Account
- Requires read rights to Active Directory OUs and the computer objects contained within them for the specific domain.
- Requires read rights to AD computer object leaf/nested objects which contain BitLocker recovery keys.
- Requires read rights to the MBAM Recovery and Hardware database.
- Requires read rights to the MBAM Compliance Status database.
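The two Active Directory read rights listed above can be checked outside the dashboard with a short script. This is an added example, not Recast code: it assumes the RSAT ActiveDirectory module, a session running as the proxy service account, and a placeholder OU (`OU=Workstations,DC=example,DC=com`) that you replace with an OU included in the scan.

```powershell
# Added example, not Recast code. Run in a session started as the proxy service
# account, on a host with the RSAT ActiveDirectory module installed.
Import-Module ActiveDirectory

# Placeholder OU (assumption): replace with an OU selected in the scan.
$SearchBase = 'OU=Workstations,DC=example,DC=com'

$report = foreach ($computer in Get-ADComputer -SearchBase $SearchBase -Filter *) {
    # Recovery keys live in msFVE-RecoveryInformation objects stored directly
    # beneath the computer object, so search one level under its DN.
    $query = @{
        SearchBase  = $computer.DistinguishedName
        SearchScope = 'OneLevel'
        Filter      = 'objectClass -eq "msFVE-RecoveryInformation"'
        Properties  = 'whenCreated', 'msFVE-RecoveryPassword'
    }
    $keys = @(Get-ADObject @query)

    # Record only whether the password attribute came back; never emit its value.
    $readable = @($keys | Where-Object { $_.'msFVE-RecoveryPassword' })

    [pscustomobject]@{
        Computer        = $computer.Name
        KeyObjects      = $keys.Count
        PasswordVisible = $readable.Count
        NewestKey       = ($keys | Sort-Object whenCreated |
                           Select-Object -Last 1).whenCreated
    }
}

# Computers for which this account sees no recovery key object at all.
$report | Where-Object { $_.KeyObjects -eq 0 } |
    Sort-Object Computer | Format-Table -AutoSize

# Key objects are visible but the password attribute was not returned:
# the account can read the object but not its confidential attribute.
$report | Where-Object { $_.KeyObjects -gt $_.PasswordVisible } |
    Sort-Object Computer | Format-Table -AutoSize
```

A `KeyObjects` value of 0 on a device known to have escrowed a key to AD points to missing read rights on the nested objects rather than a missing key, so compare the output with the same script run under an account that is known to have access.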