Query MBAM to display the BitLocker Recovery report

Posted on Christian By Christian No Comments on Query MBAM to display the BitLocker Recovery report
images

MBAM reports compliance and other information about all of the computers it manages. The information on this topic can be used to help understand the Microsoft BitLocker Administration and Monitoring reports for enterprise and individual computer compliance and for key recovery activity. In this guide, you will learn how to query MBAM to display the BitLocker Recovery report. Please see: Enterprise Compliance, Computer Compliance, and Recovery Audit Report: Understanding the Microsoft BitLocker Administration and Monitoring (MBAM) reports fields,.

If you can configure SQL Server Reporting Services to send in Enterprise Compliance, Computer Compliance, and Recovery Audit Report on a periodic time (day, week, or on monthly basis) as you wish. Also, you may want to get a specific report for a period of time such as a Monday or week.

By this, you would like to get a list of devices that were recovered from a certain period of time. This guide will help you achieve this goal. Therefore, I would love to describe what can be achieved via the Recovery Audit Report!

Recovery Audit Report

Use this report type to audit users who have requested access to recovery keys. The report offers several filters based on the desired filtering criteria. Users can filter on a specific type of user, either a Help Desk user or an end-user.

Whether the request failed or was successful, the specific type of key requested, and the date range during which the retrieval occurred. The administrator can produce contextual reports based on need.

Also, see MBAM Frequent Report Errors: Understanding Microsoft BitLocker Administration and Monitoring compliance state and error status. How to fix you are not allowed to view this folder on SSRS: MBAM reports cannot be accessed because it could not load folder contents.

Who has access to the MBAM reports?

MBAM Report Users have access to the Compliance and Audit reports in the MBAM administration website.

Note: The local group for this role is installed on the Administration and Monitoring Server, Compliance and Audit Reports Server, and Compliance Status Database Server.

See this guide on how to determine why an MBAM protected device is non-compliant, and how to deploy Microsoft BitLocker Administration and Monitoring Tool.

Query MBAM to display the BitLocker Recovery report for a Specific Period

Open a web browser and navigate to the Administration and Monitoring website (SQL Server Reporting Services via your organisation). When launched, it should look like the image below.

Please select the Recovery Audit Report.
Screenshot 2022 02 02 at 23.53.39

Select the filters for your Recovery Key Audit report. The available filters for Recovery Key audits are as follows below.

querrymmbamforreport2

The image below shows more filter that can be chosen from for the Recovery Key Audit report. 

querrymmbamforreport1
As you can see below, the results are displayed upon clicking on "View Reports".

If you wish to share this with your superiors, kindly click on the Save Button in the reports.

Results can be saved in different formats, such as HTML, Microsoft Word, and Microsoft Excel.

querrymmbamforreport

Please see this guide for steps on how to create MBAM Enterprise and Compliance, and Recovery Audit reports.

Note: if you wish to generate an Enterprise Compliance Report, kindly keep this in mind. Historical MBAM client data is retained in the compliance database for historical reference in case a computer is lost or stolen.

When running enterprise reports, we recommend that you use appropriate start and end dates to scope the time frames for the reports from one to two weeks to increase reporting data accuracy.

FAQs

What is the default encryption algorithm for BitLocker?

The default BitLocker device encryption uses the XTS-AES 128-bit encryption method, by default

How can I speed up MBAM Reporting?

In addition to gpupdate /force, you can manually trigger MBAM client reporting using:

Invoke-MbamClientDeployment.ps1 –RecoveryServiceEndpoint https://mbamserver/MBAMRecoveryAndHardwareService/Core

Or restart the MBAM agent service: Restart-Service -Name “MDOP MBAM Agent”

Why do I see “No data available” for encryption status in MBAM?

The “No data available” message indicates that there is a delay configured for the MBAM (Microsoft BitLocker Administration and Monitoring) agent. This delay means the client does not report encryption status to the MBAM server in real-time and helps minimize server load time.

To resolve this, you will need to wait for the next reporting cycle to complete automatically or you can manually trigger a policy update by running the following command in an elevated Command Prompt:

I hope you found this blog post helpful on how to query MBAM to display the BitLocker Recovery report. If you have any questions, please let me know in the comment session.

5/5 - (1 vote)
Network | Monitoring Tags:, , , , , , , , , ,

Related Posts

More Related Articles

Watchguard Firewall 180504 100511 1 Reset an XTM Firebox Device: Easy Guide Network | Monitoring
Enhancing Proactive Monitoring with Veeam ONE Enhanced Proactive Monitoring with Veeam ONE Backup
How to disable web console in Cisco switches Network | Monitoring
Different Class IP Address Classes of IP Address: Understanding IP Address Classification Network | Monitoring
Synology Wi Fi CC400W Review of the Synology CC400W Installation and Configuration Network | Monitoring
Cannot save to the location Windows How to Fix Cannot Save to Windows System32 Default.rdp Error Network | Monitoring

Leave a Reply