Bitlocker administration and monitoring (MBAM) and clients that are already encrypted


  • We are looking to roll out Windows 7 with Bitlocker enabled soon.  We just recently found out about MBAM and are looking into it but we probably will not hold up the Windows 7 rollout for it.  The question is, how does MBAM work with Windows 7 clients that are already encrypted with Bitlocker?  Will it pick the fact that it has been encrypted and just try to enforce whatever policies we have in place or will it fail?
    venerdì 19 agosto 2011 18:25


Tutte le risposte

  • I have the same question.  I have MBAM installed as well as Windows 7 Bitlocker clients that were pre-existing.  The compliance report is currently showing that my clients are Non-Compliant.  Why is this???
    giovedì 15 settembre 2011 19:56
  • MBAM agent installed on windows 7 client will push the recovery keys to MBAM SQL database.

    Reports will show compliance status based on GPO configured for MBAM.

    If your volume is encrypted with bitlocker, but MBAM GPO are not configured the your machine status will be non-compliant.

    To get a compliant machine status, you need to enable GPO for MBAM under operating system drive to enabled.

    Hope this helps.


    Manoj Sehgal
    sabato 17 settembre 2011 04:30
  • Hi Manoj,

    Thanks for the response.  I have Group Policy not correct?


    sabato 17 settembre 2011 17:07


    The GPO which have configured will back up recovery information in AD and not MBAM.

    For MBAM GPO see the link below.


    Hope this helps.

    Manoj (MSFT)

    Manoj Sehgal
    mercoledì 21 settembre 2011 21:37
  • Assuming all your bitlocker GPO settings are the same now as they were before there is no issues. 

    I have personally deployed this exactly scenario to +4000 machines (previously Bitlockered with similar settings) with no snags once I get the client to check in.  I am still working through the last of the automatic compliance enforncement issues.

    From your settings you will have recovery information in 2 (AD & HW and Recovery) locations. 

    lunedì 19 marzo 2012 05:14