Microsoft BitLocker Administration and Monitoring (MBAM) generates various reports to monitor BitLocker usage and compliance. To access the Reports feature of MBAM, open the MBAM administration website. Select Reports in the navigation pane. Then, in the main content pane, click the tab for your report type: Enterprise Compliance Report, Computer Compliance Report, Recovery Audit Report, or Volume Report. In addition, this topic also includes detailed information to help understand MBAM reports. In this guide, I will be discussing the MBAM Enterprise Compliance Reports, Computer Compliance Reports, and Recovery Audit Reports. Here is a guide on how to query MBAM to display the report for BitLocker Recovery for a specified period of time. We will discuss in detail the following topic: “understanding Microsoft BitLocker Administration and Monitoring Report Fields”.
How to access Microsoft BitLocker Administration and Monitoring Report Fields
To access the Reports feature of Microsoft BitLocker Administration and Monitoring, open a web browser and open the Administration and Monitoring Website as shown in the image below. Select Reports in the left menu bar and then select from the top menu bar the kind of report that you want to generate.
Kindly refer to these related guides: How to create MBAM Enterprise and Compliance, and Recovery Audit reports, how to resolve “MBAM reports cannot be accessed because it could not load folder contents“, how to analyze group policies applied to a user and computer account, and how to determine why an MBAM protected device is non-compliant.
To run the reports, you must be a member of the Report Users Role on the servers where the “Administration and Monitoring Server,” “Compliance and Audit Reports,” and “Compliance Status Database” features are installed. This article does not address the “Configuration Manager topology”.
If you chose the stand-alone topology when installing Microsoft BitLocker Administration and Monitoring (MBAM), you can run different reports in MBAM to monitor BitLocker usage and compliance. MBAM reports compliance and other information about all of the computers and devices it manages.
The information on this topic can be used to help you understand the Microsoft BitLocker Administration and Monitoring reports for enterprise and Computer (Individual) Compliance and for key recovery activity.
Microsoft BitLocker Administration and Monitoring Enterprise Compliance Report
An Enterprise Compliance Report provides information on overall BitLocker compliance in your organization. Use this report type to collect information on overall BitLocker compliance in your organization. There are available filters for this report that allow you to narrow your search results according to Compliance state and Error status. This report runs every six hours.
Use this report type to collect information on overall BitLocker compliance in your organization. You can also use different filters to narrow your search results to Compliance state and Error status. The report information is updated every six-hour.
Enterprise Compliance Report fields
|Computer Name||The user-specified DNS name is being managed by MBAM.|
|Domain Name||The fully qualified domain name is where the client computer resides and is managed by MBAM.|
|Compliance Status||The state of compliance for the computer, according to the policy specified for the computer. The possible states are Noncompliant and Compliant. For more information, see Enterprise Compliance Report Compliance States in this topic.|
|Exemption||The state of the computer hardware for determining the identification of the hardware type and whether the computer is exempt from policy. There are three possible states: Hardware Unknown (the hardware type has not been identified by MBAM), Hardware Exempt (the hardware type was identified and was marked as exempt from MBAM policy), and Not Exempt (the hardware was identified and is not exempt from policy).|
|Device Users||Known users on the computer that is being managed by MBAM.|
|Compliance Status Details||Error and status messages about the compliance state of the computer in accordance to the specified policy.|
|Last Contact||Date and time when the computer last contacted the server to report compliance status. This time is configurable. See MBAM policy settings.|
Enterprise Compliance Report status
|Compliance Status||Exemption||Description||User Action|
|Noncompliant||Not Exempt||The computer is non-compliant according to the specified policy, and the hardware type has not been indicated as exempt from the policy.||Click Computer Name to expand the Computer Compliance Report and determine whether the state of each drive complies with the specified policy. If the encryption state indicates that the computer is not encrypted, encryption might still be in process, or there might be an error on the computer. If there is no error, the likely cause is that the computer is still in the process of connecting or establishing the encryption status. Check back later to determine if the state changes.|
|Compliant||Not Exempt||The computer is compliant in accordance with the specified policy.||No Action is needed. Optionally, you can view the Computer Compliance Report to confirm the state of the computer.|
|Compliant||Hardware Exempt||If the Hardware type is exempt. Regardless of how the policy is set or the individual status of each hard drive, the overall state is considered to be compliant.||No action is needed.|
|Compliant||Hardware Unknown||MBAM recognizes the hardware type, but MBAM does not know whether it is exempt or not exempt. This occurs if the administrator has not set the Compatible status for the hardware. Therefore, MBAM reverts to Compliant status by default.||This is the initial state of a newly deployed MBAM client. It is typically only a transient state. Even if the administrator has marked the Hardware as Compatible, there can be a significant delay or configurable wait time before the client computer reports back in. Make note of the time of Last Contact, and check in again after the specified interval to see if the state has changed. If the state has not changed, there may be an error for this computer or hardware type.|
Microsoft BitLocker Administration and Monitoring Computer Compliance Report Fields
The Computer Compliance Report displays information that is specific to a computer or user. This report can be viewed by clicking the computer name in the Enterprise Compliance Report, or by typing the computer name in the Computer Compliance Report.
The Computer Compliance Report provides detailed encryption information and applicable policies for each drive on a computer, including operating system drives and fixed data drives. To view the details of each drive, expand the Computer Name entry.
Note! The removable Data Volume encryption status will not be shown in the report. This report does not provide encryption status for Removable Data Volumes
Computer Compliance Report fields
|Computer Name||The user-specified DNS computer name is being managed by MBAM.|
|Domain Name||The fully qualified domain name where the client computer resides and is managed by MBAM.|
|Computer Type||The portability type of computer. Valid types are non-Portable and Portable.|
|Operating System||The fully qualified domain name is where the client computer resides and is managed by MBAM.|
|Compliance Status||The overall Compliance Status of the computer is managed by MBAM. Valid states are Compliant and Noncompliant. While it is possible to have Compliant and Noncompliant drives in the same computer, this field indicates the overall computer compliance per specified policy.|
|Policy Cypher Strength||The Cipher Strength was selected by the Administrator during the MBAM policy specification. For example, 128-bit with Diffuser|
|Policy Operating System Drive||Indicates whether encryption is required for the O/S and the protector type as applicable.|
|Policy Fixed Data Drive||Indicates whether encryption is required for the Fixed Drive.|
|Policy Removable Data Drive||Indicates whether encryption is required for the Removable Drive.|
|Device Users||Provides the identity of known users on the computer.|
|Exemption||Indicates whether the computer hardware type is recognized by MBAM and, if known, whether the computer has been indicated as exempt from the policy. There are three states: Hardware Unknown (the hardware type has not been identified by MBAM); Hardware Exempt (the hardware type was identified and was marked as exempt from MBAM policy); and Not Exempt (the hardware was identified and is not exempt from the policy).|
|Manufacturer||The computer manufacturer’s name as it appears in the computer BIOS.|
|Model||The computer manufacturer model name as it appears in the computer BIOS.|
|Compliance Status Details||Error and status messages of the compliance state of the computer in accordance with the specified policy.|
|Last Contact||Date and time that the computer last contacted the server to report compliance status. T|
Computer Compliance Report Drive fields
Use this report type to collect information that is specific to a computer or user. This report can be viewed by clicking the computer name in the Enterprise Compliance Report, or by typing the computer name in the Computer Compliance Report. The Computer Compliance Report provides detailed encryption information about each drive (operating system and fixed data drives) on a computer, and also an indication of the policy that is applied to each drive type on the computer. To view the details of each drive, expand the Computer Name entry.
Removable Data Volume encryption status will not be shown in the report.
This report can help you audit changes to the Hardware Compatibility status of specific computer makes and models. To help you narrow your search results, this report includes filtering on criteria such as type of change and time of occurrence. Each state change is tracked by user and date and time. The Hardware Type is automatically populated by the MBAM agent that runs on the client computer.
This report tracks user changes to the information collected directly from the MBAM-managed computer. A typical administrative change is changing from Compatible to incompatible. However, the administrator can also revise any field.
The Recovery Audit Report can help you audit users who have requested access to recovery keys.
The filter criteria for this report include the type of user making the request, type of key requested, time of occurrence, success or fail, time of occurrence, and type of user requesting (help desk, end-user).
This report enables administrators to produce contextual reports based on need.
Recovery Audit Report Fields
|Request Date and Time||The date and time that a key retrieval request was made by an end-user or help desk user.|
|Request Status||Status of the request. Valid statuses are either Successful (the key was retrieved) or Failed (the key was not retrieved).|
|Helpdesk User||The help desk user who initiated the request for key retrieval. If the help desk user retrieves the key on behalf of an end-user, the End User field will be blank.|
|User||The end-user who initiated the request for key retrieval.|
|Key Type||The type of key that was requested. MBAM collects three key types: Recovery Key Password (to recover a computer in recovery mode); Recovery Key ID (to recover a computer in recovery mode on behalf of another user); and Trusted Platform Module (TPM) Password Hash (to recover a computer with a locked TPM).|
|Reason Description||The reason that the specified Key Type was requested. The reasons are specified in the Drive Recovery and Manage TPM features of the Administrative website. Valid entries include user-entered text or one of the following reason codes: Operating System Boot Order changedBIOS changed operating System files changed lost Startup key lost PINTPM ResetLost PassphraseLost SmartcardReset PIN lockout turns on TPMTurn off TPMChange TPM password clear TPM|
Note To save report results to a file, click the Export button on the reports menu bar.