Understanding MBAM 2.5 Stand-alone Reports
Platí pro: Microsoft BitLocker Administration and Monitoring 2.5
This topic describes the reports that are available when you are running Ochrana koncového bodu Microsoft BitLocker (MBAM) in the Stand-alone topology.
Poznámka
If you are running MBAM with the Configuration Manager Integration topology, you generate reports from Configuration Manager rather than from MBAM. See Viewing MBAM 2.5 Reports for the Configuration Manager Integration Topology for more information about these reports.
Understanding the MBAM Stand-alone topology reports
MBAM provides three report types that you can use to monitor your organization for BitLocker compliance:
Enterprise Compliance Report
Computer Compliance Report
Recovery Audit Report
To access MBAM reports when you are running MBAM in the Stand-alone topology, open a web browser, and then open the Administration and Monitoring Website. Select Reports in the left menu bar. From the top menu bar, select the kind of report that you want to generate. For more information about generating these reports, see Generating MBAM 2.5 Stand-alone Reports.
Enterprise Compliance Report
Use this report type to collect information about overall BitLocker compliance in your organization. You can use filters to narrow your search results to learn more about the compliance state and error status of computers in your organization.
Enterprise Compliance Overview
| Column Name | Description |
|---|---|
Managed Computers |
Number of computers that MBAM manages. |
% Compliant |
Percentage of compliant computers in the enterprise. |
% Non-Compliant |
Percentage of non-compliant computers in the enterprise. |
% Exempt |
Percentage of computers exempt from the BitLocker encryption requirement. |
% Non-Exempt |
Percentage of computers exempt from the BitLocker encryption requirement. |
Compliant |
Percentage of compliant computers in the enterprise. |
Non-Compliant |
Percentage of non-compliant computers in the enterprise. |
Exempt |
Total computers that are exempt from the BitLocker encryption requirement. |
Non-Exempt |
Total computers that are not exempt from the BitLocker encryption requirement. |
Enterprise Compliance Computer Details
| Column Name | Description |
|---|---|
Computer Name |
User-specified DNS name that is managed by MBAM. |
Domain Name |
Fully qualified domain name where the client computer resides and is managed by MBAM. |
Compliance Status |
State of compliance for the computer, according to the policy specified for the computer. The states are Noncompliant and Compliant. See the following Enterprise Compliance Report Compliance States table for more information about how to interpret compliance states. |
Exemption |
Status that indicates whether this computer is exempt from the BitLocker policy. |
Compliance Status Details |
Error and status messages about the compliance state of the computer in accordance to the policy specified. |
Last Contact |
Date and time when the computer last contacted the server to report compliance status. The contact frequency is configurable. For more information, see the MBAM Group Policy settings. |
Computer Compliance Report
Use this report type to collect information that is specific to a computer or user.
View this report by clicking the computer name in the Enterprise Compliance Report, or by typing the computer name in the Computer Compliance Report. This report shows detailed encryption information about each drive (operating system and fixed data drives) on a computer. It also indicates the policy that is applied to each drive type on the computer. To view the details of each drive, expand the Computer Name entry.
Poznámka
Removable Data Volume encryption status is not shown in this report.
Computer Compliance Report Fields
| Column Name | Description |
|---|---|
Computer Name |
User-specified DNS computer name that is managed by MBAM. |
Domain Name |
Fully qualified domain name where the client computer resides and is managed by MBAM. |
Computer Type |
Type of computer. Valid types are Non-Portable and Portable. |
Operating System |
Operating system type found on the client computer that is managed by MBAM. |
Compliance Status |
Overall compliance status of the computer that is managed by MBAM. Valid states are Compliant and Noncompliant. Notice that the compliance status per drive (see the following table) may indicate different compliance states. However, this field represents that compliance state, according to the specified policy. |
Policy Cipher Strength |
Cipher strength selected by the administrator during MBAM policy specification (for example, 128-bit with diffuser). |
Policy Operating System Drive |
Indicates if encryption is required for the operating system and shows the appropriate protector type. |
Policy-Fixed Data Drive |
Indicates if encryption is required for the fixed data drive. |
Policy Removable Data Drive |
Indicates if encryption is required for the removable drive. |
Device Users |
Known users on the computer that is managed by MBAM. |
Exemption |
Status that indicates whether this computer is exempt from the BitLocker policy. |
Manufacturer |
Computer manufacturer name, as it appears in the computer BIOS. |
Model |
Computer manufacturer model name, as it appears in the computer BIOS. |
Compliance Status Details |
Error and status messages about the compliance state of the computer, in accordance with the specified policy. |
Last Contact |
Date and time that the computer last contacted the server to report compliance status. The contact frequency is configurable. For more information, see the MBAM Group Policy settings. |
Computer Compliance Report Drive Fields
| Column Name | Description |
|---|---|
Drive Letter |
Computer drive letter that was assigned to the particular drive by the user. |
Drive Type |
Type of drive. Valid values are Operating System Drive and Fixed Data Drive. These are physical drives rather than logical volumes. |
Cipher Strength |
Cipher strength selected by the administrator during MBAM policy specification. |
Protector Type |
Type of protector selected through the Group Policy setting used to encrypt an operating system or fixed data volume. |
Protector State |
Indicates that the computer being managed by MBAM has enabled the protector type that is specified in the policy. The valid states are ON or OFF. |
Encryption State |
Encryption state of the drive. Valid states are Encrypted, Not Encrypted, and Encrypting. |
Compliance Status |
State that indicates whether the drive is in accordance with the policy. States are Noncompliant and Compliant. |
Compliance Status Details |
Error and status messages of the compliance state of the computer, according to the specified policy. |
Recovery Audit Report
Use this report type to audit users who have requested access to BitLocker recovery keys. The report offers several filters based on the desired filtering criteria. You can filter on a specific type of user (a Help Desk user or an end user), whether the request failed or was successful, the specific type of key requested, and a date range during which the retrieval occurred.
Recovery Audit Report Fields
| Column Name | Description |
|---|---|
Request Date and Time |
Date and time that a key retrieval request was made by an end user or Help Desk user. |
Request Status |
Status of the request. Valid statuses are Successful (the key was retrieved), or Failed (the key was not retrieved). |
Helpdesk User |
Help Desk user who initiated the request for key retrieval. Poznámka If the Help Desk user retrieves the key on behalf on an end-user, the End User field will be blank. |
End User |
End user who initiated the request for key retrieval. |
Computer |
Computer name of the computer that was recovered. |
Key Type |
Type of key that was requested by the Help Desk user or the end user. The three types of keys that MBAM collects are:
|
Reason Description |
Reason the specified key type was requested by the Help Desk user or the end user. The reasons are specified in the Drive Recovery and Manage TPM features of the Administration and Monitoring Website. The valid entries are user-entered text or one of the following reason codes:
|
Poznámka
Report results can be saved to a file by clicking the Export button on the Reports menu bar.
Got a suggestion for MBAM?
Add or vote on suggestions here. For MBAM issues, use the MBAM TechNet Forum.
Viz také
Úlohy
Generating MBAM 2.5 Stand-alone Reports