none
MBAM with TPM, PIN and startup key on USB RRS feed

  • Question

  • Is it possible to manage clients with MBAM, if the customer requires TPM, PIN and USB based startup key?

    Thanks in advance,

    Gottfried

    Thursday, June 21, 2012 3:11 PM

Answers

  • Hi,

    MBAM will only work with TPM machines. TPM is a requirement if you want to use MBAM.

    MBAM Supported Configurations

    http://onlinehelp.microsoft.com/en-us/mdop/hh285641.aspx

    Alex Zhao

    TechNet Subscriber Support

    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.


    Alex Zhao

    TechNet Community Support

    Friday, June 22, 2012 5:26 AM
    Moderator
  • Hi Alex,

    in WIndows 7 you can protect your drive with TPM+PIN+External Key (USB) via manage-bde.wsf script. If I read the question correct Gottfried is asking if the same is possible when MBAM is used for managing Bitlocker on clients. I have not been able to find a MBAM GPO that allows setting TPM+PIN+USB as protectors, therefore I would say this configuration is not supported/possible when using MBAM tool. Am I right? Thanks.


    Tuesday, June 26, 2012 12:14 PM

All replies

  • Hi,

    MBAM will only work with TPM machines. TPM is a requirement if you want to use MBAM.

    MBAM Supported Configurations

    http://onlinehelp.microsoft.com/en-us/mdop/hh285641.aspx

    Alex Zhao

    TechNet Subscriber Support

    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.


    Alex Zhao

    TechNet Community Support

    Friday, June 22, 2012 5:26 AM
    Moderator
  • Hi,

    I am just writing to check the status of this thread. Was the information provided in previous reply helpful to you? Do you have any further questions or concerns? Please feel free to let us know.

    Regards,

    Alex Zhao

    TechNet Subscriber Support

    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.


    Alex Zhao

    TechNet Community Support

    Monday, June 25, 2012 2:03 AM
    Moderator
  • Hi Alex,

    in WIndows 7 you can protect your drive with TPM+PIN+External Key (USB) via manage-bde.wsf script. If I read the question correct Gottfried is asking if the same is possible when MBAM is used for managing Bitlocker on clients. I have not been able to find a MBAM GPO that allows setting TPM+PIN+USB as protectors, therefore I would say this configuration is not supported/possible when using MBAM tool. Am I right? Thanks.


    Tuesday, June 26, 2012 12:14 PM
  • Hi,

    As this thread has been quiet for a while, we assume that the issue has been resolved. At this time, we will mark it as ‘Answered’ as the previous steps should be helpful for many similar scenarios. If the issue still persists, please feel free to reply this post directly so we will be notified to follow it up. You can also choose to unmark the answer as you wish.

    BTW, we’d love to hear your feedback about the solution. By sharing your experience you can help other community members facing similar problems. Thanks for your understanding and efforts.

    Regards,

    Alex Zhao

    TechNet Subscriber Support

    If you are TechNet Subscription user and have any feedback on our support quality, please send your feedback here.


    Alex Zhao

    TechNet Community Support

    Friday, June 29, 2012 7:39 AM
    Moderator