Microsoft BitLocker Administration and Monitoring (MBAM) provides a simplified administrative interface that you can use to manage BitLocker drive encryption. With MBAM, you can select BitLocker encryption policy options that are appropriate to your enterprise and then use them to monitor client compliance with those policies. You can also report on the encryption status of an individual computer and on the entire enterprise. In addition, you can access recovery key information when users forget their PIN or password, or when their BIOS or boot record changes. Kindly refer to these related guides on MBAM: How to check if Microsoft BitLocker Administration and Monitoring (MBAM) is installed on Windows, and how to install Reporting Services.
MBAM Report Users have access to the Compliance and Audit reports on the MBAM administration website. The local group for this role is installed on the Administration and Monitoring Server, Compliance and Audit Reports Server, and Compliance Status Database Server. See this guide on how to determine why an MBAM-Protected device is non-compliant, and how to deploy Microsoft BitLocker Administration and Monitoring Tool.
To access the Reports feature of Microsoft BitLocker Administration and Monitoring, open a web browser and open the Administration and Monitoring Website. Select Reports in the left menu bar and then select from the top menu bar the kind of report that you want to generate. Here is a guide on how to query MBAM to display the report for BitLocker Recovery for a specified period of time.
The following permission issue below is intended as the users are ONLY permitted to access them and not the entire SSRS. If they are granted access to the root folder, then they will have access/permission to do other things on the report server.
They are only permitted to access the Microsoft BitLocker Administration and Monitoring website. Please try the URL and replace the “xxxxxxxxx” with your domain-name: https://xxxxxxxx.com/reports/browse/Microsoft%20BitLocker%20Administration%20and%20Monitoring
MBAM Report Types
Enterprise Compliance Report: Use this report type to collect information on overall BitLocker compliance in your organization. You can use different filters to narrow your search results to Compliance state and Error status. The report information is updated every six hours.
Computer Compliance Report: Use this report type to collect information that is specific to a computer or user. This report can be viewed by clicking the computer name in the Enterprise Compliance Report, or by typing the computer name in the Computer Compliance Report. Below is an example of a computer report without including any device information.
Recovery Audit Report: Use this report type to audit users who have requested access to recovery keys. The report offers several filters based on the desired filtering criteria. Users can filter on a specific type of user, either a Help Desk user or an end-user, whether the request failed or was successful, the specific type of key requested, and a date range during which the retrieval occurred. The administrator can produce contextual reports based on need.
Note: As discussed above, you must be a member of the MBAM Report Users to have access to the Compliance and Audit reports on the MBAM administration website. I highly recommend taking a look at how to create MBAM Enterprise and Compliance, and Recovery Audit reports.
I hope you found this blog post helpful. If you have any questions, please let me know in the comment session.