BitLocker Web Dashboard

Last Modified on 07.10.23

The BitLocker Web Dashboard scans Active Directory, Configuration Manager, and MBAM for BitLocker compliance information.

Common Use Cases

  • Identifying computers without stored recovery keys
  • Identifying computers with no encryption or incorrect encryption
  • Monitoring recovery key location changes during a migration

Run a BitLocker Scan

To scan devices for BitLocker compliance:

1. In your Recast Management Server, navigate to Dashboards > BitLocker.

2. On the BitLocker page, click Select Service Connections to choose service connections to include in the scan.

3. In the side panel that opens, select objects in Active Directory and Configuration Manager.

4. Ensure that at least one MBAM service connection is selected to run MBAM actions.

5. Click Save & Run Scan

Edit Configuration Filters

After a scan runs, you can click Edit to change the service connections included in the scan.

Create a Snapshot

Take a snapshot of the dashboard to capture the state of your system at a single point in time.

To create a snapshot:

After a scan runs, click Create Snapshot.

Create a Trend

Schedule regular snapshots to view BitLocker compliance over a set period of time. See BitLocker Web Dashboard Trend.

BitLocker Charts

BitLocker Recovery Key Storage: Displays devices according to where recovery keys are stored (AD, MBAM, ConfigMgr). Also displays devices without stored keys.

Unified Compliance: Displays devices according to compliance in the ConfigMgr database, the MBAM database, or both.

BitLocker Web Dashboard pie charts

Click on a segment of the chart or legend to view details in the table.

NOTE: Devices may be non-compliant due to a lack of encryption or because they were encrypted using the wrong method.

BitLocker Tabs

Tabbed views offer additional information about the devices in each category. There are also options to Export to CSV and to Expand to Full Screen.

BitLocker Web Dashboard table

Actionable Results

Right Click Tools actions commonly run against results in this dashboard:

Microsoft Permissions for the Proxy Service Account

  • Requires read rights to Active Directory OUs and the computer objects contained within them for the specific domain.
  • Requires read rights to AD computer object leaf/nested objects which contain BitLocker recovery keys.
  • Requires read rights to the MBAM Recovery and Hardware database. 
  • Requires read rights to the MBAM Compliance Status database.

Related Articles

Was this article helpful?
Thank you for your feedback!
Copyright © 2023 Recast Software, LLC. All rights reserved.
Copyright © 2020 – Recast Software, LLC. All rights reserved.