Network

Recovery Audit Report: How to query MBAM to display the report for BitLocker Recovery for a specified period of time

images

MBAM reports compliance and other information about all of the computers and devices it manages. The information in this topic can be used to help understand the Microsoft BitLocker Administration and Monitoring reports for enterprise and individual computer compliance and for key recovery activity. Here are some related guides: Enterprise Compliance, Computer Compliance, and Recovery Audit Report: Understanding the Microsoft BitLocker Administration and Monitoring (MBAM) reports fields, MBAM Frequent Report Errors: Understanding Microsoft BitLocker Administration and Monitoring compliance state and error status, and how to fix you are not allowed to view this folder on SSRS: MBAM reports cannot be accessed because it could not load folder contents.

If you can configure SQL Server Reporting Services to send in Enterprise Compliance, Computer Compliance, and Recovery Audit Report in a periodic time (day, week, or on monthly basis) as you wish. Also, you may want to get a specific report for a period of time such as a monday or week. By this, you would like to get a list of devices that were recovered from a certain period of time. This guide will help you achieve this goal. Therefore, I would love to describe what can be achived via the Recovery Audit Report!

Recovery Audit Report

Use this report type to audit users who have requested access to recovery keys. The report offers several filters based on the desired filtering criteria. Users can filter on a specific type of user, either a Help Desk user or an end-user, whether the request failed or was successful, the specific type of key requested, and a date range during which the retrieval occurred. The administrator can produce contextual reports based on need.

Who has access to the MBAM reports?

MBAM Report Users have access to the Compliance and Audit reports in the MBAM administration website.The local group for this role is installed on the Administration and Monitoring Server, Compliance and Audit Reports Server, and Compliance Status Database Server.See this guide on how to determine why an MBAM protected device is non-compliant, and how to deploy Microsoft BitLocker Administration and Monitoring Tool.

Create an MBAM Recovery Key Audit Report for a Specific Period

Open a web browser and navigate to the Administration and Monitoring website (SQL Server Reporting Services via your organisation). When launched, it should look like the image below.

Please select the Recovery Audit Report. 
Screenshot 2022 02 02 at 23.53.39

Select the filters for your Recovery Key Audit report. The available filters for Recovery Key audits are as follows below.

querrymmbamforreport2

The image below shows more filter that can be chosen from for the Recovery Key Audit report. 

querrymmbamforreport1

As you can see below, the results from the are displayed upjnclicking on “View Reports”. If you wish to share this with your superior, kindly click on the Save Button in the reports.

Results can be saved in different formats, such as HTML, Microsoft Word, and Microsoft Excel. Please see this guide for steps on how to create MBAM Enterprise and Compliance, and Recovery Audit reports.

querrymmbamforreport

Note: if you wish to generate an Enterprise Compliance Report, kindly keep this in mind. Historical MBAM client data is retained in the compliance database for historical reference in case a computer is lost or stolen. When running enterprise reports, we recommend that you use appropriate start and end dates to scope the time frames for the reports from one to two weeks to increase reporting data accuracy

I hope you found this blog post helpful. If you have any questions, please let me know in the comment session.

Subscribe
Notify of
guest

0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x