5 ( 7 )

If you’ve been using BitLocker in your organization, you probably receive some requests from your security department to monitor the Bitlocker status of a device if it gets stolen. One of them is a free SCCM Bitlocker Report and a free PowerBi Dashboard that we’ve done just for you but there’s a couple of ways to achieve this.

#1 – MBAM

The first and recommended one would be to use Microsoft BitLocker Administration and Monitoring (MBAM). However, this tool is not free, you need to have Microsoft Desktop Optimization Pack (MDOP). Microsoft has also announced that the actual MBAM 2.5 version is getting deprecated soon (Extended support on July 2019). So we’ll skip this one for now.

#2 – Configuration baseline

The second solution would be to use a configuration baseline in SCCM to monitor BitLocker and report the configuration baseline status using a report. This is a good solution but you’ll need to create a baseline based on a script and deploy it to all your computers. If you’re not familiar with the configuration baseline and want a quicker, simpler solution, keep reading.

#3 – SCCM Bitlocker Report

Another solution would be to use a built-in SCCM Bitlocker report… but there’s none in the console. The good news is that we’ve created one for you and giving it for free just because we think you’re awesome!

There are 2 small thing s to do before you can use the free report. You need to enable Bitlocker inventory classes in your Hardware inventory. If your inventory is already configured for Bitlocker , jump to the download section.

#4 – SCCM Power Bi Dashboard

If you’re using Power Bi in your organization, we’ve also created a free Bitlocker Compliance Dashboard that you can use.

As for the SSRS report, you need to enable Bitlocker inventory classes in your Hardware inventory. If your inventory is already configured for Bitlocker, jump to the download section.

HOW TO ENABLE Bitlocker INVENTORY for SCCM Bitlocker Report

Select the Client Settings that apply to your bitlocker collection. In our example, we’ll use the Default Client Setting but we recommend that you use a custom one.

Open the SCCM Console

Go to Administration / Client Settings

Right-Click your Default Client Setting, select Properties

Click on Hardware Inventory

Click on Set Classes

Ensure that Bitlocker (Win32_EncryptableVolume) is enabled





Ensure that both TPM (Win32_Tpm) and TPM Status (SMS_TPM) classes are also enabled

Close the Hardware inventory class window by clicking ok.

Bitlocker Inventory Verification

Now that our classes are enabled, trigger a Machine Policy Retrieval & Evaluation Cycle (to have the latest Client Settings) followed by an Hardware inventory Cycle on a computer that has Bitlocker enabled. Once the inventory is completed, check the inventory using Resource Explorer :

In the SCCM Console

Right-Click your device, select Start / Resource Explorer

Confirm that you have Bitlocker listed





Free SCCM Bitlocker Report

Now that you’ve confirmed that the inventory is working, the last thing you need to do is :

You can download this free report by visiting our product page. The Asset – Bitlocker Status report is available in the Report / Asset Section.

Share this Post

How useful was this post? Click on a star to rate it!







Submit Rating Average rating 5 / 5. Vote count: 7 No votes so far! Be the first to rate this post.