BitLocker Audit & Reports
The Managed Computers section under Insights provides detailed information about each device, including its name, domain, operating system, storage capacity, encryption status, applied policy, BitLocker and TPM availability, and BitLocker component and prerequisite statuses.
The Encryption Status conveys the machine-level encryption status, summarizing all the drives in a computer, and it lists the following details:
- Unknown with the green icon indicates that the BitLocker pre-requisites have been met but the BitLocker module is not enabled.
- Unknown with the orange icon indicates that the BitLocker pre-requisites have not been met and the drive has not been encrypted.
- Fully Decrypted with the green icon indicates that the BitLocker pre-requisites have been met, but the drive has not been encrypted.
- Fully Decrypted with the orange icon indicates that the BitLocker pre-requisites have not been met and the drive has not been encrypted.
- Fully Encrypted with the green icon indicates that the BitLocker pre-requisites have been met and that BitLocker has been successfully enabled.
- Fully Encrypted with the orange icon indicates that the BitLocker pre-requisites have not been met but BitLocker has been enabled.
All computers are scanned to assess their BitLocker encryption status and drive details. The initial scan occurs right after the agent installation, with subsequent scans detecting new computers and monitoring changes in drive status and encryption progress. Within the status report, these BitLocker details are included:
- Volume details: Provides details about the computer volumes, including name and identification number.
- Protection Status: Indicates whether the drive is protected through BitLocker encryption.
- Encryption status: Conveys the encryption status of the specific drive. The 'Fully Encrypted' status indicates that the drive is completely encrypted. The 'Fully Decrypted' status indicates that the drive is not encrypted.
- Encryption method: Microsoft's native BitLocker feature selects one of several encryption methods by default, such as AES-CBC 128-bit, AES-CBC 256-bit, or XTS-AES 128-bit.
- Lock Status: Displays whether the drive is locked or unlocked.
- Drive Type: Indicates whether the drive selected for encryption is an OS drive, data drive, or both.
- Protector: Shows the current protection method, such as TPM only, TPM and Passphrase, or just a Passphrase or Numerical password. The OS drive (C:) is protected by the TPM, while an external key protects the data drives.
- Auto lock: Indicates whether the drive is auto-locked. For extra safety, this applies only if the OS volume is encrypted.
- Auto Unlock: Displays whether Auto Unlock is disabled or enabled.
- Percentage Converted: Displays the encryption progress status.
- Volume Status: Categorizes and displays the volumes as Fully Encrypted Computers, Fully Decrypted Computers, or Partially Encrypted Computers.
- Drive Size: Displays the size of the selected drive.
- BitLocker Version: Displays the BitLocker feature version.
TPM Reports
The Trusted Platform Module (TPM) is a hardware security chip embedded in the motherboard to provide hardware-level drive encryption. It generates a set of cryptographic keys unique to the host system, with some of the keys stored in the TPM and the rest on the hard drive. During authentication, the drive contents are accessible only when the key pairs match. If the hard drive is accessed from another computer, the data remains encrypted.
A system scan gathers the following TPM-related information for each computer, and the report includes:
- TPM Availability of computers: Details the specific system requirements necessary for each computer to support a TPM chip. After the scan, the number of computers with and without a TPM chip installed is displayed.
- Enabling TPM: Shows whether the TPM is enabled or disabled at the hardware/BIOS level. The TPM chip must be enabled at the hardware/BIOS level before it can be used.
- Activating TPM: In addition to being enabled, the TPM must be activated at the OS level. This report shows whether the TPM is activated or deactivated.
- Owned: Displays whether IT admins have ownership privileges to manage TPM operations.
- Manufacturer details: Displays the name of the TPM chip manufacturer.
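The per-volume status report and the TPM report described above can be reproduced on a single Windows machine with the built-in BitLocker and TrustedPlatformModule cmdlets. The script below is an added example, not part of the product or this documentation; it assumes "prerequisites met" means a TPM that is present, enabled and activated, since the page does not state the product's exact rule, and it must be run from an elevated PowerShell session.

```powershell
# Added example: builds the volume-level and machine-level BitLocker/TPM summary.
# Assumption (not stated on the page): prerequisites are met when the TPM is
# present, enabled and activated; this drives the green/orange distinction.
Import-Module BitLocker -ErrorAction Stop
Import-Module TrustedPlatformModule -ErrorAction Stop

# Roll the per-drive VolumeStatus values up into the machine-level category.
function Get-MachineEncryptionStatus {
    param([Parameter(Mandatory)] [object[]] $Volumes)
    $states = @($Volumes.VolumeStatus | Sort-Object -Unique)
    if ($states.Count -eq 1 -and $states[0] -eq 'FullyEncrypted') { return 'Fully Encrypted' }
    if ($states.Count -eq 1 -and $states[0] -eq 'FullyDecrypted') { return 'Fully Decrypted' }
    return 'Partially Encrypted'   # mixed, in progress, or paused volumes
}

$tpm       = Get-Tpm
$prereqMet = $tpm.TpmPresent -and $tpm.TpmEnabled -and $tpm.TpmActivated
$volumes   = Get-BitLockerVolume

# One row per volume, mirroring the fields in the status report.
$volumeReport = foreach ($v in $volumes) {
    [pscustomobject]@{
        MountPoint          = $v.MountPoint
        DriveType           = $v.VolumeType                  # OperatingSystem / Data
        VolumeStatus        = $v.VolumeStatus                # FullyEncrypted, FullyDecrypted, EncryptionInProgress, ...
        ProtectionStatus    = $v.ProtectionStatus            # On / Off
        LockStatus          = $v.LockStatus                  # Locked / Unlocked
        EncryptionMethod    = $v.EncryptionMethod            # e.g. XtsAes128, Aes256
        Protector           = ($v.KeyProtector.KeyProtectorType -join ', ')  # Tpm, TpmPin, ExternalKey, ...
        AutoUnlock          = $v.AutoUnlockEnabled
        PercentageConverted = $v.EncryptionPercentage
        DriveSizeGB         = $v.CapacityGB
        BitLockerVersion    = $v.MetadataVersion
    }
}

# Machine-level row combining the encryption rollup with the TPM report fields.
$machineReport = [pscustomobject]@{
    ComputerName     = $env:COMPUTERNAME
    EncryptionStatus = Get-MachineEncryptionStatus -Volumes $volumes
    PrerequisitesMet = $prereqMet
    TpmAvailable     = $tpm.TpmPresent
    TpmEnabled       = $tpm.TpmEnabled
    TpmActivated     = $tpm.TpmActivated
    TpmOwned         = $tpm.TpmOwned
    Manufacturer     = $tpm.ManufacturerIdTxt
}

$machineReport | Format-List
$volumeReport  | Format-Table -AutoSize
```

A machine reporting 'Fully Decrypted' with PrerequisitesMet set to True corresponds to the green "Fully Decrypted" state above: the TPM is ready but no drive has been encrypted yet.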
If you have any further questions, please refer to our Frequently Asked Questions section for more information.