question

DebiLewis-8228 avatar image
0 Votes"
DebiLewis-8228 asked AlexZhu-MSFT edited

Bitlocker log subscription

I am setting up a windows event collector - https://adamtheautomator.com/windows-event-collector/
Since bitlocker is not on this server, I cannot select Bitlocker events to ship.
Is there a way to get a list of events or create an XML query that woudl include all MBAM/Bitlocker events?

windows-server
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MTG-3890 avatar image
0 Votes"
MTG-3890 answered

Just install the Bitlocker feature on the server - you don't have to encrypt the server. If the feature is present, the eventlog providers will be selectable.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

TeemoTang-MSFT avatar image
0 Votes"
TeemoTang-MSFT answered

Please refer to the following documents for a help.
BitLocker event logs
https://docs.microsoft.com/en-us/mem/configmgr/protect/tech-ref/bitlocker/about-event-logs
Use MBAM log files
https://docs.microsoft.com/en-us/microsoft-desktop-optimization-pack/mbam-v25/mbam-25-security-considerations#use-mbam-log-files
However, since you say that bitlocker is not on this server, there will not be a record about BitLocker in log files.


If the Answer is helpful, please click "Accept Answer" and upvote it.
Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.