BitLocker Audit + Recovery Key Gathering
Purpose
This solution uses custom fields, tasks, and device groups to audit BitLocker status and gather recovery keys.
Associated Content
Content | Type | Function |
---|---|---|
CW RMM - Custom Field - BitLocker Key Backup Status | Custom Field | Displays the most recent result after pushing the BitLocker recovery keys into AD/Azure AD. |
CW RMM - Custom Field - BitLocker Status and Recovery Key Audit | Custom Field | Shows drives that are encrypted with BitLocker and displays the recovery key if available. |
CW RMM - Device Groups - BitLocker Auditing | Device Group | Used to report on devices that have: BitLocker - Audit Required, BitLocker - Enabled, BitLocker - Disabled, and BitLocker - Regular Auditing. The purpose of the group "BitLocker - Regular Auditing" is to hold all devices that have been audited for BitLocker and check their status regularly. |
CW RMM - Task - BitLocker Status and Recovery Key Audit | Task | Attempts to audit the BitLocker status of the endpoint. |
CW RMM - Task - BitLocker Recovery Key Backup Audit | Task | Attempts to push BitLocker keys to AD/Azure AD. Please note: This is a one-way push, NOT a sync. |
Implementation
- Create the following custom fields. This step is required before the rest of the steps will work as expected. Follow the documentation here: CW RMM - Custom Field - BitLocker Key Backup Status and CW RMM - Custom Field - BitLocker Status and Recovery Key Audit.
- Create the device groups. This step is required before creating the tasks; otherwise, they will not have a proper target. Follow the documentation here: CW RMM - Device Groups - BitLocker Auditing.
- Create the BitLocker status and recovery key task. Follow the documentation here: CW RMM - Task - BitLocker Status and Recovery Key Audit.
  Please ensure that the task is scheduled per the above documentation!
- Create the BitLocker recovery key backup task. Follow the documentation here: CW RMM - Task - BitLocker Recovery Key Backup Audit.
  Please ensure that the task is run manually!