we have set up MBAM in our test environment. The encryption of the OS drive on the client machine works fine, but it is not possible to encrypt an external device.
Our MBAM Group Policy for "Removable Drive" is:
Control use of BitLocker on removable drives: Enabled
Allow users to apply BitLocker protection on removable data drives
Allow users to suspend and decrypt BitLocker protection on removable data drives
Configure use of passwords for removable drives: Enabled
Require password for removable drive
Allow password complexity
Minimum password length for removable data drive: 8
If I select the removable drive in the Windows Explorer - right mouse click, there is no entry "BitLocker Encryption Options" like on the OS drive.
In the "Control Panel" - "BitLocker Encryption Options", under "BitLocker Drive Encryption - External drives" the following text is displayed: "E: Encryption Off".
I have hidden the original BitLocker Control Panel item (Group policy: User Configuration - Policies - Administrative Templates - Control Panel - "Hide specified Control Panel item: "Microsoft.BitLockerDrive Encryption").
Also I have set the following registry key on the MBAM Server: