Viewing MBAM 2.5 Reports for the Configuration Manager Integration Topology

This topic describes the reports that are available when you configure Microsoft BitLocker Administration and Monitoring (MBAM) with the Configuration Manager Integration topology. The reports show BitLocker compliance for the enterprise and for individual computers and devices that MBAM manages. The reports provide tabular information and charts, and they have filters that let you view data from different perspectives.

In the Configuration Manager Integration topology, you view reports from Configuration Manager rather than from the Administration and Monitoring Website, with the exception of the Recovery Audit Report, which you continue to view from the Administration and Monitoring Website.

For information about MBAM reports for the Stand-alone topology, see Viewing MBAM 2.5 Reports for the Stand-alone Topology.

Accessing reports in Configuration Manager

To access the Reports feature in Configuration Manager:

Version of Configuration Manager How to view the reports

System Center 2012 Configuration Manager

  1. In the left pane, select the Monitoring workspace.

  2. In the tree, expand Overview > Reporting > Reports > MBAM.

  3. Select the folder that represents the language in which you want to view reports, and then select the report from the right pane.

Configuration Manager 2007

  1. In the left pane, expand Computer Management > Reporting > Reporting Services > <server name> > Report folders > MBAM.

  2. Select the folder that represents the language in which you want to view reports, and then select the report from the right pane.

Description of reports in Configuration Manager

There are a few minor differences in the reports for the Configuration Manager Integration topology and the Stand-alone topology. The following sections describe the data in the MBAM reports for the Configuration Manager Integration topology:

BitLocker Enterprise Compliance Dashboard

The BitLocker Enterprise Compliance Dashboard provides the following graphs, which show BitLocker compliance status across the enterprise:

  • Compliance Status Distribution

  • Non Compliant Errors Distribution

  • Compliance Status Distribution by Drive Type

Compliance Status Distribution

This pie chart shows compliance status for computers within the enterprise. It also shows the percentage of computers, compared to the total number of computers in the selected collection, that has that compliance status. The actual number of computers with each status is also shown. The pie chart shows the following compliance statuses:

  • Compliant

  • Non Compliant

  • User Exempt

  • Temporary User Exempt

  • Policy Not Enforced

  • Unknown. These computers reported a status error, or they are part of the collection, but have never reported their compliance status. The lack of a compliance status could occur if the computer is disconnected from the organization.

Non Compliant Errors Distribution

This pie chart shows the categories of computers in the enterprise that are not compliant with the BitLocker Drive Encryption policy, and shows the number of computers in each category. Each category percentage is calculated from the total number of non-compliant computers in the collection.

  • User postponed encryption

  • Unable to find compatible TPM

  • System partition not available or large enough

  • Policy conflict

  • Waiting for TPM auto provisioning

  • An unknown error has occurred

  • No information. These computers do not have the MBAM Client installed, or they have the MBAM Client installed but not activated (for example, the service is not working).

Compliance Status Distribution by Drive Type

This bar chart shows the current BitLocker compliance status by drive type. The statuses are Compliant and Non Compliant. Bars are shown for fixed data drives and operating system drives. Computers that do not have a fixed data drive are included and show a value only in the Operating System Drive bar. The chart does not include users who have been granted an exemption from the BitLocker Drive Encryption policy or the No Policy category.

BitLocker Enterprise Compliance Details

This report shows information about the overall BitLocker compliance across your enterprise for the collection of computers that is targeted for BitLocker use.

BitLocker Enterprise Compliance Details Fields

Column Name Description

Managed Computers

Number of computers that MBAM manages.

% Compliant

Percentage of compliant computers in the enterprise.

% Non-Compliant

Percentage of non-compliant computers in the enterprise.

% Unknown Compliance

Percentage of computers with a compliance state that is not known.

% Exempt

Percentage of computers exempt from the BitLocker encryption requirement.

% Non-Exempt

Percentage of computers not exempt from the BitLocker encryption requirement.

Compliant

Percentage of compliant computers in the enterprise.

Non-Compliant

Percentage of non-compliant computers in the enterprise.

Unknown Compliance

Percentage of computers with a compliance state that is not known.

Exempt

Total computers that are exempt from the BitLocker encryption requirement.

Non-Exempt

Total computers that are not exempt from the BitLocker encryption requirement.

BitLocker Enterprise Compliance Details States

Compliance Status Exemption Description

Noncompliant

Not exempt

The computer is noncompliant, according to the specified policy.

Compliant

Not exempt

The computer is compliant in accordance with the specified policy.

BitLocker Enterprise Compliance Summary

Use this report type to show information about the overall BitLocker compliance across your enterprise and to show the compliance for individual computers that are in the collection of computers that is targeted for BitLocker use.

BitLocker Enterprise Compliance Summary Fields

Column Name Description

Managed Computers

Number of computers that MBAM manages.

% Compliant

Percentage of compliant computers in the enterprise.

% Non-Compliant

Percentage of non-compliant computers in the enterprise.

% Unknown Compliance

Percentage of computers with a compliance state that is not known.

% Exempt

Percentage of computers exempt from the BitLocker encryption requirement.

% Non-Exempt

Percentage of computers not exempt from the BitLocker encryption requirement.

Compliant

Percentage of compliant computers in the enterprise.

Non-Compliant

Percentage of non-compliant computers in the enterprise.

Unknown Compliance

Percentage of computers with a compliance state that is not known.

Exempt

Total computers that are exempt from the BitLocker encryption requirement.

Non-Exempt

Total computers that are not exempt from the BitLocker encryption requirement.

BitLocker Enterprise Compliance Summary Computer Details

Column Name Description

Computer Name

User-specified DNS computer name that is being managed by MBAM.

Domain Name

Fully qualified domain name, where the client computer resides and is managed by MBAM.

Compliance Status

Overall compliance status of the computer managed by MBAM. Valid states are Compliant and Noncompliant. Notice that the compliance status per drive (see the table that follows) may indicate different compliance states. However, this field represents that compliance state, in accordance with the policy specified.

Exemption

Status that indicates whether the user is exempt or non-exempt from the BitLocker policy.

Device Users

User of the device.

Compliance Status Details

Error and status messages about the compliance state of the computer in accordance with the policy specified.

Last Contact

Date and time that the computer last contacted the server to report compliance status. The contact frequency is configurable through the Group Policy settings.

BitLocker Computer Compliance Report

Use this report type to collect information that is specific to a computer. The BitLocker Computer Compliance Report provides detailed encryption information about each drive on a computer (operating system and fixed data drives). It also provides an indication of the policy that is applied to each drive type on the computer. To view the details of each drive, expand the Computer Name entry.

Note
The Removable Data Volume encryption status is not shown in this report.

BitLocker Computer Compliance Report: Computer Details Fields

Column Name Description

Computer Name

User-specified DNS computer name that is being managed by MBAM.

Domain Name

Fully qualified domain name, where the client computer resides and is managed by MBAM.

Computer Type

Type of computer. Valid types are Non-Portable and Portable.

Operating System

Operating System type found on the MBAM managed client computer.

Overall Compliance

Overall compliance status of the computer managed by MBAM. Valid states are Compliant and Noncompliant. Notice that the compliance status per drive (see the table that follows) may indicate different compliance states. However, this field represents that compliance state in accordance with the policy specified.

Operating System Compliance

Compliance status of the operating system that is managed by MBAM. Valid states are Compliant and Noncompliant.

Fixed Data Drive Compliance

Compliance status of the fixed data drive that is managed by MBAM. Valid states are Compliant and Noncompliant.

Last Update Date

Date and time that the computer last contacted the server to report compliance status. The contact frequency is configurable through the Group Policy settings.

Exemption

Status that indicates whether the user is exempt or non-exempt from the BitLocker policy.

Exempted User

User who is exempt from the BitLocker policy.

Exemption Date

Date on which the exemption was granted.

Compliance Status Details

Error and status messages about the compliance state of the computer in accordance with the policy specified.

Policy Cipher Strength

Cipher strength selected by the Administrator during the MBAM policy specification (for example, 128-bit with diffuser).

Policy: Operating System Drive

Indicates if encryption is required for the operating system and the appropriate protector type.

Policy: Fixed Data Drive

Indicates if encryption is required for the fixed data drive.

Manufacturer

Computer manufacturer name as it appears in the computer BIOS.

Model

Computer manufacturer model name as it appears in the computer BIOS.

Device Users

Known users on the computer that is being managed by MBAM.

BitLocker Computer Compliance Report: Computer Volume Fields

Column Name Description

Drive Letter

Computer drive letter that was assigned to the particular drive by the user.

Drive Type

Type of drive. Valid values are Operating System Drive and Fixed Data Drive. These are physical drives rather than logical volumes.

Cipher Strength

Cipher strength selected by the Administrator during MBAM policy specification.

Protector Types

Type of protector selected through the policy used to encrypt an operating system or fixed data drive. The valid protector types for an operating system are TPM or TPM+PIN. The valid protector type for a fixed data drive is a password.

Protector State

Indicates that the computer being managed by MBAM has enabled the protector type specified in the policy. The valid states are ON or OFF.

Encryption State

Encryption state of the drive. Valid states are Encrypted, Not Encrypted, and Encrypting.

Got a suggestion for MBAM?

Add or vote on suggestions here. For MBAM issues, use the MBAM TechNet Forum.

Monitoring and Reporting BitLocker Compliance with MBAM 2.5