Contact Us Get Free Products
Search icon Contact Us Get Free Products
SCCM/MECM

Monitor Bitlocker Status using SCCM Bitlocker Report

Benoit LecoursJanuary 14 20193 Min Read

Founder of System Center Dudes. Based in Montreal, Canada, Senior Microsoft SCCM Consultant, 8 times Enterprise Mobility MVP. Working in the industry since 1999. His specialization is designing, deploying and configuring SCCM, mass deployment of Windows operating systems, Office 365 and Intune deployments.

Benoit Lecours

President
Table of Content
SCD Collaborators

If you’ve been using BitLocker in your organization, you probably receive some requests from your security department to monitor the Bitlocker status of a device if it gets stolen. One of them is a free SCCM Bitlocker Report and a free Power BI Dashboard that we’ve done just for you but there’s a couple of ways to achieve this.

#1 – MBAM

The first and recommended one would be to use Microsoft BitLocker Administration and Monitoring (MBAM). However, this tool is not free, you need to have Microsoft Desktop Optimization Pack (MDOP). Microsoft has also announced that the actual MBAM 2.5 version is getting deprecated soon (Extended support on July 2019). So we’ll skip this one for now.

#2 – Configuration baseline

The second solution would be to use a configuration baseline in SCCM to monitor BitLocker and report the configuration baseline status using a report. This is a good solution but you’ll need to create a baseline based on a script and deploy it to all your computers. If you’re not familiar with the configuration baseline and want a quicker, simpler solution, keep reading.

#3 – SCCM Bitlocker Report

Another solution would be to use a built-in SCCM Bitlocker report… but there’s none in the console. The good news is that we’ve created one for you and giving it for free just because we think you’re awesome!

There are 2 small things to do before you can use the free report. You need to enable Bitlocker inventory classes in your Hardware inventory. If your inventory is already configured for Bitlocker, jump to the download section.

#4 – SCCM Power BI Dashboard

If you’re using Power BI in your organization, we’ve also created a free Bitlocker Compliance Dashboard that you can use.

As for the SSRS report, you need to enable Bitlocker inventory classes in your Hardware inventory. If your inventory is already configured for Bitlocker, jump to the download section.

HOW TO ENABLE Bitlocker INVENTORY for SCCM Bitlocker Report

Select the Client Settings that apply to your bitlocker collection. In our example, we’ll use the Default Client Setting but we recommend that you use a custom one.

  • Open the SCCM Console
  • Go to Administration / Client Settings
  • Right-Click your Default Client Setting, select Properties
SCCM Office 365 inventory report
  • Click on Hardware Inventory
  • Click on Set Classes
Sccm Bitlocker report
  • Ensure that Bitlocker (Win32_EncryptableVolume) is enabled
Sccm Bitlocker report

  • Ensure that both TPM (Win32_Tpm) and TPM Status (SMS_TPM) classes are also enabled
Sccm Bitlocker report
  • Close the Hardware inventory class window by clicking ok.

Bitlocker Inventory Verification

Now that our classes are enabled, trigger a Machine Policy Retrieval & Evaluation Cycle (to have the latest Client Settings) followed by an Hardware inventory Cycle on a computer that has Bitlocker enabled. Once the inventory is completed, check the inventory using Resource Explorer :

  • In the SCCM Console
  • Right-Click your device, select Start / Resource Explorer
  • Confirm that you have Bitlocker listed
Sccm Bitlocker report

Free SCCM Bitlocker Reports

Now that you’ve confirmed that the inventory is working, the last thing you need to do is monitoring using reporting.

SSRS

You can download this free report by visiting our product page. The Asset – Bitlocker Status report is free to download.

SCD Collaborators
Comments (38)

imperatorviken

06.19.2024 AT 06:30 AM
Hi everyone i'm testing this report but i just have the problem, that all of the bitlocker attributes are shown as unknown. Can someone tell me what do i have to change ? Thanks
Hide replies 0

Keslaa

11.29.2023 AT 05:15 PM
Late to the party and am trying to get this to report complete information. Everything under the "Bitlocker" heading shows as Unknown - Conversion Status, Protection Status, Encryption Method, etc. How do I correct this to get the actual information?
Hide replies 1

juanluramirez

01.21.2025 AT 07:16 AM
I have the same problem, do you have any information about this?
Hide replies 0

Menesh.Harji

06.04.2021 AT 08:45 AM
Just had a question was does Enabled mean on the report
Hide replies 0

Stimpy

04.09.2021 AT 09:10 AM
Solution
Hi, i like the report very much. I just have the problem, that all of the bitlocker attributes are shown as unknown. Driveletter and a green dot for enabled are ok. I activated the hardware classes and i can see the bitlocker status in the ressource explorer. Can someone point me in the right direction where my problem is please.
Hide replies 0

JagoWu888

07.22.2020 AT 03:04 PM
Hi. I have a question. Thanks for the report btw. My green color and blue color on my pie chart are backwards: green = not encrypted blue = encrypted. How can I make green to be compliant? I did not change anything from the default report. Thank You
Hide replies 0

dbrookland

07.02.2020 AT 11:48 AM
Hi, Seeing error when clicking on a device that presents: the item '/archive/dashboard - device' cannot be found Not sure what that would be. Thanks, Dwight
Hide replies 1

Nicolas Pilon

07.09.2020 AT 12:03 AM
Hello Dbrookland, You must purchase the Dashboard - Device report to be able to make it work with Bitlocker Report. Thanks
Hide replies 0

Jacob

04.23.2020 AT 03:53 PM
Hello, does this work for 1909? I have an older report from a year ago or so and my devices aren't showing up as 1909. I see you mentioned there is an updated report. Does that support 1909 informatin?
Hide replies 0

Chris

02.24.2020 AT 04:41 PM
Did anyone ever find where this report pulls from? I have 30,000 devices and it is pulling 1,000.... Also curious if anyone figured out how to query based off a collection because that would be super helpful!!!
Hide replies 1

Jonathan Lefebvre

02.25.2020 AT 11:42 AM
Hi Chris, the updated version is available for download to selection collection. Try this SQL query to see how many rows you got. select * from v_GS_ENCRYPTABLE_VOLUME could be hardware inventory class missing. thanks Jonathan
Hide replies 0

Anthony

01.27.2020 AT 05:49 PM
Is it possible to include other drives in the report?
Hide replies 0

AnotherUser

11.18.2019 AT 11:16 AM
Encryption method is part of win32_BitLockerEncryptionDetails not under the standard win32_EncryptableVolume It should be the class right after win32_EncryptableVolume not sure why it doesn't show in the author's screenshot
Hide replies 0

Jason

11.13.2019 AT 11:20 AM
Great report has a lot info that I am looking for. I am just wondering where it is pulling from. I have a total of over 9000 computers in our organization and report is pulling only 6000.
Hide replies 0

dave

10.31.2019 AT 01:28 PM
excellent report and much appreciated for sharing. question.....im seeing some laptops with double entries; would we know why this is occurring? could not tell if this report is targeting all systems or a certain collection. is there a way to target just a specific collection? thanks!
Hide replies 1

dave

10.31.2019 AT 03:42 PM
got it fixed.....just needed to change the very first line.... SELECT DISTINCT SYS.ResourceID,SYS.Name0, SYS.AD_Site_Name0, USR.Full_User_Name0, would still like to know how to target specific collections. thanks again.
Hide replies 0

Jonathan

10.03.2019 AT 08:38 AM
The link to download is not working.
Hide replies 0

JP

10.02.2019 AT 02:06 PM
Can the report show if you have an active PIN? Can you support me to know how to add it to the report?
Hide replies 0

ALEX

09.05.2019 AT 06:24 AM
Is there any way to exclude windows 7 results?
Hide replies 0

Cathy

08.05.2019 AT 12:53 PM
I agree - great report and thank you! Would also like to see a filter to run the report against a particular collection if possible. I will be trying to see if there's a way to add a serial number column as well for management. Thank you again, Cathy
Hide replies 0

Peter Braune

06.29.2019 AT 12:04 PM
Great Report, thank you. I have some suggestions though. First of all, set the RepeatOnNewPage property for 'Device Name' to true. Adding some filters for Manufacturer, Model and TPM states might improve the overall experience.
Hide replies 0

Frank S

06.25.2019 AT 07:46 AM
Love this report! One issue I am having is the version number of windows 10. It's not reporting any version higher than 10.0.16299 even though we have many machines with 10.0.17134 that have bitlocker enabled. Any idea why?
Hide replies 0

Shaun

06.20.2019 AT 04:57 PM
I would also like to have this option added. I have tried to edit the report but I have no knowledge of SQL reports so it didn't work. I am also having the same issue others have mentioned that the report only shows a small number of systems at the top of the report in comparison to what we have.
Hide replies 0

Vladislav

06.11.2019 AT 06:01 AM
Hi! Thanks for this useful report! It can be even more useful if it can be modified to run against Computer Collection to get it's status, not against PC name only or * expression. Any suggestions on how can this be implemented?
Hide replies 0
Related posts
Jonathan LefebvreMay 21 20255 Min Read
Import an out-of-band Update in SCCM

While many environments are now leveraging Windows Update for business or Windows Autopatch to...

SCCM/MECM
Jonathan LefebvreMay 02 20254 Min Read
Install SCCM Reporting Services Point with SQL 2022

This post will cover how to install SQL Reporting Services 2022 along with the Reporting point for...

SCCM/MECM
Jonathan LefebvreApril 04 20258 Min Read
SCCM SQL 2022 Install Guide

Download and own this SCCM Installation Guide in a single PDF file. The PDF file is a 162...

SCCM/MECM
Request a Quote

Please fill out the form, and one of our representatives will contact you in Less Than 24 Hours. We are open from Monday to Friday.

Consulting Services

Subscription

PatchMyPC

Reports and Guides

I'm interested in working with you

Consulting services and time banks are used for generic requests. All others are fixed-price plans.

Never share sensitive information (credit card numbers, social security numbers, passwords) through this form.
Request Sent

Thank you for subscribing to our newsletter or requesting a quote. You will receive our next month's newsletter. If you have requested a quote, we will get in touch with you as soon as possible.

Comment Sent

Thank for your reply!

Error

Something went wrong!