This is part two of our three-part series on MBAM from AJ Smith.

In my last blog post, I described how Microsoft BitLocker Administration and Monitoring (MBAM) can simplify BitLocker Drive Encryption provisioning. In this blog post, I’ll describe how MBAM makes it easier to monitor your computers for compliance with the BitLocker policy that you deployed.

While MBAM does a great job of helping you provision BitLocker, one of the areas where it shines most is compliance reporting. The reports it includes can help you quickly determine the status of the entire organization or a single computer. They can also help you monitor access to the MBAM databases.

Imagine that a user loses his laptop computer, and it contains confidential data. With MBAM, you can quickly look up the computer to determine whether it was compliant with BitLocker policy. You will know immediately whether the loss represents any risk.

MBAM provides the following reports in the MBAM management console:

  • Enterprise Compliance Report. This report can tell you at a glance the BitLocker compliance status of your entire organization. Figure 1 shows an example. In this case, about half the computers are compliant, one fourth are not compliant, and another fourth are exempt.
  • Computer Compliance Report. This report indicates whether a specific computer or a specific user’s computers are compliant with BitLocker policy. In the scenario where a user loses his laptop computer, you would use this report to determine its status.
  • Recovery Audit Report. This report indicates who has accessed recovery key information, successfully or not.
  • Hardware Audit Report. This report indicates who has changed the hardware compatibility list and when the MBAM client discovers new hardware. When you enable hardware compatibility checking, the MBAM client uses the hardware compatibility list to determine whether each computer model supports BitLocker.

Figure 1. Enterprise Compliance Report

You’re not limited to the reports that MBAM offers. You can also create custom compliance reports by using the built-in SQL Server Reporting Services tools.

Compliance reporting can give you peace of mind. You know whether the computers in your organization are compliant with BitLocker policy or not. Another great capability that MBAM offers is reducing support costs and end-user downtime associated with BitLocker.

In my next blog post, I’ll describe how MBAM enables the support desk to quickly and securely unlock a BitLocker hard drive. Until then, I recommend that you download the MBAM beta at Microsoft Connect. The MBAM beta includes guidance that can help you install and evaluate MBAM in a lab environment.

For more information on MBAM or all of our MDOP products, make sure to visit the MDOP Zone on the Springboard Series on TechNet.