Generating MBAM 2.5 stand-alone reports
When you configure Microsoft BitLocker Administration and Monitoring (MBAM) with the stand-alone topology, you can generate reports to monitor BitLocker drive encryption usage and compliance.
For descriptions of the stand-alone reports, see Understanding MBAM 2.5 stand-alone reports.
Note
To run the reports, you must be a member of the MBAM Report Users group, which you configure in Active Directory Domain Services. For more information, see Planning for MBAM 2.5 groups and accounts.
To open the Administration and Monitoring website
Open a web browser and navigate to the Administration and Monitoring website. The default URL for the Administration and Monitoring website is:
https://<MBAMAdministrationServerName>:<port>/HelpdeskIn the left pane, select Reports. From the top menu bar, select the report you want to run.
MBAM client data is retained in the Compliance and Audit Database for historical reference in case a computer is lost or stolen. When running enterprise reports, we recommend that you use appropriate start and end dates to scope the time frames for the reports from one to two weeks to increase reporting data accuracy.
After you generate a report, you can save the results in different formats, such as HTML, Microsoft Word, and Microsoft Excel.
Note
Configure SQL Server Reporting Services (SSRS) to use Secure Sockets Layer (SSL) before configuring the Administration and Monitoring website. If you don't configure SSRS to use SSL, when you configure the Administration and Monitoring website the URL for the Reports is set to HTTP instead of HTTPS. If you then go to the Administration and Monitoring website and select a report, the following message displays: "Only Secure Content is Displayed." To show the report, select Show All Content.
To generate an Enterprise Compliance Report
From the Administration and Monitoring Website, select the Reports node from the left navigation pane, select Enterprise Compliance Report, and select the filters that you want to use. The available filters for the Enterprise Compliance Report are:
Compliance Status. Use this filter to specify the compliance status types of the report (for example, Compliant or Noncompliant).
Error State. Use this filter to specify the error state types of the report (for example, No Error or Error).
Select View Report to display the selected report.
Select a computer name to view information about the computer in the Computer Compliance Report.
To view information about the volumes on the computer, select the plus sign (
+) next to the computer name.
To generate a Computer Compliance Report
From the Administration and Monitoring Website, select the Report node from the left navigation pane, and then select Computer Compliance Report. Use the Computer Compliance Report to search for User name or Computer name.
Select View Report to view the Computer Compliance Report.
Select a computer name to display more information about the computer in the Computer Compliance Report.
To view information about the volumes on the computer, select the plus sign (
+) next to the computer name.Note
If the computer matches or exceeds the requirements of the MBAM group policy settings, an MBAM client computer is considered compliant.
To generate a Recovery Key Audit Report
From the Administration and Monitoring Website, select the Report node in the left navigation pane, and then select Recovery Audit Report. Select the filters for your Recovery Key Audit Report. The available filters for recovery key audits are as follows:
Helpdesk User. This filter enables users to specify the user name of the requester. The requester is the person in the Help Desk who accessed the key on behalf of an end user.
End User. This filter enables you to specify the user name of the user who called the Help Desk to obtain a recovery key.
Request Result. This filter enables users to specify the request result types (for example, Success or Failed) that they want to base the report on. For example, users might want to view failed key access attempts.
Key Type. This filter enables users to specify the key type that they want to base the report on. For example, for example, Recovery Key Password or TPM Password Hash.
Start Date. This filter is used to define the Start Date part of the date range that the user wants to report on.
End Date. This filter is used to define the End Date part of the date range that the users want to report on.
Select View Report to view the report.