Share via


How to Generate MBAM Reports

When you install Microsoft BitLocker Administration and Monitoring (MBAM) with the Stand-alone topology, you can generate different reports to monitor BitLocker encryption usage and compliance. The procedures in this topic describe how to open the Administration and Monitoring website and the steps that are needed to generate Microsoft BitLocker Administration and Monitoring reports on enterprise compliance, individual computers, and key recovery activity. For detailed information to help understand MBAM reports, see Understanding MBAM Reports.

Note   To run the reports, you must be a member of the Report Users Role on the computers where the Administration and Monitoring Server features, Compliance and Audit Database, and Compliance and Audit Reports are installed.

To open the Administration and Monitoring website

  1. Open a web browser and navigate to the Administration and Monitoring website. The default URL for the Administration and Monitoring website is http://<computername>.

    Note   If the Administration and Monitoring website was installed on a port other than 80, you have to specify the port in the URL (for example, http://<computername>:<port>. If you specified a host name for the Administration and Monitoring website during the installation, the URL is http://<hostname>.

  2. In the left pane, click Reports and then select the report you want to run from the top menu bar.

    Historical MBAM client data is retained in the compliance database for historical reference in case a computer is lost or stolen. When running enterprise reports, we recommend that you use appropriate start and end dates to scope the time frames for the reports from one to two weeks to increase reporting data accuracy.

    Note   If SSRS was not configured to use Secure Socket Layer, the URL for the reports will be set to HTTP instead of to HTTPS when you install the MBAM Server. If you then go to the Help Desk portal and select a report, the following message displays: “Only Secure Content is Displayed.” To show the report, click Show All Content.

To generate an Enterprise Compliance Report

  1. From the Administration and Monitoring website, select the Reports node from the left navigation pane, select Enterprise Compliance Report, and select the filters that you want to use. The available filters for the Enterprise Compliance Report are the following:

    • Compliance Status. Use this filter to specify the compliance status types (for example, Compliant, or Noncompliant) of the report.

    • Error State. Use this filter to specify the error state types (for example, No Error, or Error) of the report.

  2. Click View Report to display the selected report.

    Results can be saved in different formats, such as HTML, Microsoft Word, and Microsoft Excel.

    Note   The Enterprise Compliance report is generated by a SQL job that runs every six hours. Therefore, the first time you view the report, you may find that some data is missing. You can generate updated report data manually by using SQL Management Studio. From the Object Explorer window, expand SQL Server Agent, expand Jobs, right-click the CreateCache job, and select Start Job at Step….

  3. Select a computer name to view information about the computer in the Computer Compliance Report.

  4. Select the plus sign (+) next to the computer name to view information about the volumes on the computer.

To generate the Computer Compliance Report

  1. In the Administration and Monitoring website, select the Report node from the left navigation pane, and then select the Computer Compliance Report. Use the Computer Compliance report to search for user name or computer name.

  2. Click View Report to view the computer report.

    Results can be saved in different formats, such as HTML, Microsoft Word, and Microsoft Excel.

  3. Select a computer name to display more information about the computer in the Computer Compliance Report.

  4. Select the plus sign (+) next to the computer name to view information about the volumes on the computer.

    Note   An MBAM client computer is considered compliant if the computer matches the requirements of the MBAM policy settings.

To generate the Recovery Key Audit Report

  1. From the Administration and Monitoring website, select the Report node in the left navigation pane, and then select the Recovery Audit Report. Select the filters for your Recovery Key Audit report. The available filters for Recovery Key audits are as follows:

    • Requestor. This filter enables users to specify the user name of the requester. The requester is the person in the Help Desk who accessed the key on behalf of a user.

    • Requestee. This filter enables users to specify the user name of the requestee. The requestee is the person who called the Help Desk to obtain a recovery key.

    • Request Result. This filter enables users to specify the request result types (for example, Success or Failed) that they want to base the report on. For example, users may want to view failed key access attempts.

    • Key Type. This filter enables users to specify the Key Type (for example: Recovery Key Password or TPM Password Hash) that they want to base the report on.

    • Start Date. This filter is used to define the Start Date part of the date range that the user wants to report on.

    • End Date. This filter is used to define the End Date part of the date range that the users want to report on.

  2. Click View Report to view the report.

    Results can be saved in different formats, such as HTML, Microsoft Word, and Microsoft Excel.

Monitoring and Reporting BitLocker Compliance with MBAM 2.0