BitLocker and TPM Status Dashboard

October 2019’s free System Center Configuration Manager (SCCM) giveaway is the BitLocker and TPM Status dashboard.

Problem:

It goes without saying that companies manage a lot of data and this data must be kept secure at all times. Who wants to tell the CTO or President of your organization that the reason they are in the news or lost a big deal is because a laptop was stolen with important info on it? How can you guarantee that a stolen laptop won’t expose this information to the world? BitLocker of course!

BitLocker and TPM go hand-in-hand, so you need to ensure that both are enabled. How can you tell, though, which laptops are using BitLocker and whether it is enabled? What about TPM? Not only do you have to ensure that both were set up correctly to begin with, but sometimes when testing or troubleshooting problems, admins turn one or the other off and forget to turn it back on.

Fortunately, with System Center Configuration Manager (SCCM) Current Branch you can inventory the state of both BitLocker and TPM. Unfortunately, there aren’t any built-in reports for you to run in order to review this data.

Solution: BitLocker and TPM Status Dashboard

With Endpoint Insight’s BitLocker and TPM Status dashboard you can quickly see the number of computers that are completely protected. In addition, you can see how many computers either need BitLocker enabled or have a TPM issue.

Here’s a breakdown of each state by color:

Green = Protected

Yellow = BitLocker is Not Enabled on All Drives

Orange = BitLocker is Turned Off

Pink = BitLocker is Not Enabled

Red = TPM Issue

Protected means that the system is fully encrypted with BitLocker and TPM is correct.

BitLocker is Not Enabled on All Drives means that TPM is set up and ready to use, but the computer has more than one drive and at least one of the drives is not encrypted with BitLocker. Generally the solution is to enable BitLocker on all drives.

BitLocker is Turned Off means that TPM is set up and ready to use, but BitLocker is not turned on. The solution is to turn on BitLocker on all drives.

BitLocker is Not Enabled means that TPM is set up and ready to use and BitLocker is configured to be used, but as may be the case with servers, the BitLocker feature might not be installed (enabled). The solution is to install and configure BitLocker on all drives.

TPM Issue means TPM is either not installed on the computer or it is not enabled within the BIOS. The solution varies depending on the problem, but in some cases it could mean a hardware upgrade, i.e. replacing old computers with ones where TPM is installed.
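
To spot-check a single computer against the five states above, the following added example (not part of Endpoint Insights or SCCM) classifies the local machine from the output of the built-in `Get-Tpm` and `Get-BitLockerVolume` cmdlets. The function name `Get-BitLockerTpmState`, its parameters and the mapping from cmdlet output to each state are assumptions made for illustration, not the dashboard's own report logic.

```powershell
# Added example: map local TPM and BitLocker data to the five dashboard states.
# The function name and the mapping rules are assumptions, not the vendor's logic.
function Get-BitLockerTpmState {
    param(
        [bool]$TpmPresent,
        [bool]$TpmEnabled,
        [bool]$FeatureInstalled,
        [object[]]$Volumes   # objects exposing VolumeStatus and ProtectionStatus
    )
    # Order matters: a TPM problem outranks every BitLocker finding.
    if (-not ($TpmPresent -and $TpmEnabled)) { return 'TPM Issue' }
    if (-not $FeatureInstalled)              { return 'BitLocker is Not Enabled' }

    # Count a drive only when it is fully encrypted AND protection is on.
    # A suspended protector reports ProtectionStatus 'Off' on an encrypted drive.
    $protected = @($Volumes | Where-Object {
        "$($_.VolumeStatus)" -eq 'FullyEncrypted' -and
        "$($_.ProtectionStatus)" -eq 'On'
    })
    if ($protected.Count -eq 0) { return 'BitLocker is Turned Off' }
    if ($protected.Count -lt @($Volumes).Count) {
        return 'BitLocker is Not Enabled on All Drives'
    }
    return 'Protected'
}

# Constructed sample: two drives, only C: protected (data drive left unencrypted).
$sample = @(
    [pscustomobject]@{ MountPoint = 'C:'; VolumeStatus = 'FullyEncrypted'; ProtectionStatus = 'On' }
    [pscustomobject]@{ MountPoint = 'D:'; VolumeStatus = 'FullyDecrypted'; ProtectionStatus = 'Off' }
)
Get-BitLockerTpmState -TpmPresent $true -TpmEnabled $true `
    -FeatureInstalled $true -Volumes $sample

# Live data (run elevated). Get-BitLockerVolume is absent when the BitLocker
# feature is not installed, which is how the "Not Enabled" state is detected here.
$tpm        = Get-Tpm
$hasFeature = [bool](Get-Command Get-BitLockerVolume -ErrorAction SilentlyContinue)
$vols       = if ($hasFeature) { Get-BitLockerVolume } else { @() }
Get-BitLockerTpmState -TpmPresent $tpm.TpmPresent -TpmEnabled $tpm.TpmEnabled `
    -FeatureInstalled $hasFeature -Volumes $vols
```

Because a drive counts as protected only when its protection status is on, a machine whose BitLocker protection was suspended for troubleshooting and never resumed is reported as not protected even though its disk is still encrypted.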

As mentioned earlier, this dashboard leverages the inventory information of both TPM’s and BitLocker’s state from SCCM current branch.

Endpoint Insights Reporting – BitLocker and TPM Status Dashboard

The BitLocker and TPM Status dashboard is found within Endpoint Insights Reporting’s security category. This category of dashboards and reports provides you with all-important information about various security issues within your SCCM environment, such as BIOS and TLS settings.

The full set of BitLocker and TPM reports includes:

· BitLocker and TPM Status Dashboard

· List of Computers by BitLocker and TPM Status

· Computer BitLocker and TPM Details

List of Computers by BitLocker and TPM Status

This report provides a list of computers by a specified BitLocker and TPM state. You can drill through from this report to the Computer BitLocker and TPM Details report.

BitLocker and TPM Status Dashboard - List Report

Computer BitLocker and TPM Details

This report is divided into three major sections. The first section tells you about the computer itself.

The second section tells you about the TPM status. This section is collapsed by default. Simply click on the text in order to expand the section. A green dot means that TPM has this state, whereas a gray dot means that the TPM doesn’t have this state. For more details about each state, please see the Microsoft documentation.

The last section displays all of the computer’s drives along with each one’s BitLocker status. This section is also collapsed by default, so click on the text in order to expand it.

BitLocker and TPM Status Dashboard - Details Report

Would you find it useful to know the BitLocker and TPM status for all of your computers in one report? Then get the BitLocker and TPM Status dashboard NOW!

Are you looking for another SCCM report? Do you find that SCCM reporting is difficult? SCCM reporting shouldn’t be hard and with Endpoint Insights Reporting’s 150+ SCCM reports, sorted into 26 different categories, we make it easy for you!

We can’t possibly list all of the SCCM reports found in Endpoint Insights Reporting, but here are the 26 categories:

BitLocker and TPM Status Dashboard - ER Categories

Do you have an idea for a report set that you would like us to create? Submit it to our Ideas Page or drop us a line on Twitter!
