Microsoft BitLocker Administration and Monitoring

Welcome to the Microsoft BitLocker Administration and Monitoring customer feedback site! Please submit your ideas or vote for one of the current features suggested below. The engineering team is actively monitoring the site and we want to hear from you!

I suggest you ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  1. Improve the hotfix and service pack install experience

    For a hotfix, (such as dec 2016 update) customers have to UN-necessarily uninstall mbam server components on the MBAM server and ConfigMgr server and then go through the rigmarole of re-installing them, and that requires that all the data that is needed for the wizard must be re-entered again, this is painful and unnecessary

    the mbam wizards should (imho) be clever enough to auto-populate the data that you entered previously and give you the change to confirm that data and even do it via PowerShell, this is such a time waster particularly when you have to do it on more…

    351 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    • Allow multiple users for preboot amd enforce PIN/Password changes through expiration

      Allow multiple users for Preboot and enforce PIN/Password changes through expiration(ie: every 90 days).

      7 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        1 comment  ·  Admin →
      • SQL 2016 Always Encrypted Support with MBAM

        It would be best to get SQL 2016 Always Encrypted Support with MBAM so Data Security is Heightened.

        22 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
        • 2 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
          • Possibility of more granural access model to MBAM helpdesk and reporting websites

            I see one serious drawback of MBAM security model. It seems that there can be only one group for helpdesk (and another for advanced HD).

            What I need is possibility to segregate access based on location or division.
            Example 1. IT support in India can only provide BitLocker recovery password for Indian machines. Also IT support in Hong-Kong will not be able to get password for non-HK PC.
            Example 2. Executive IT support will be the only team capable to get recovery passwords for VIP machines.

            40 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              1 comment  ·  Admin →
            • Add support for installing MBAM with SQL Server 2016

              Currently, the installer will block you from installing if you are using SQL Server 2016. SQL Server 2016 was released on June 1, 2016 and Service Pack 1 came out back at the beginning of November 2016.

              For bonus points, don't block future versions of SQL Server during install time! While you may not 'support' them, blocking it means you need to be johnny-on-the-spot with updating the installer, which hasn't been a reality in the past. Block old ones that you know don't work, not future ones that likely will work just fine and handle issues with documentation (eg. "Known…

              92 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
              • Identify TPM as the culprit instead of Bitlocker

                When users are presented with the famous "Windows Bitlocker Drive Encryption Recovery Key Entry" screen due to TPM lockout it would be very useful to indicate that this was because TPM was locked out and therefore could not automatically unlock the drive.

                That way focus is on TPM issues instead of giving Bitlocker/MBAM a bad rap.

                1 vote
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                • Implement BitLocker To Go in MBAM.

                  Most users will encrypt their USB-Media with BitLocker To Go, move Data on it and remove it from Device.
                  To have recovery key in MBAM database, the USB-Device needs to be connected in unlocked state at the Computer while MBAM Agent will perform it's cycle.

                  There should be an implementation of BitLocker To Go to store recovery keys in MBAM Database through policy.

                  20 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                  • Create a computer exemption policy.

                    Microsoft BitLocker Administration and Monitoring (MBAM) enables you to exempt users from BitLocker Drive Encryption requirements.

                    This makes no sense - users are not encrypted, computers are encrypted. We need a way to exempt a computer from encryption, regardless of the user logged in.

                    8 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                    • Add a switch on the Invoke-MbamClientDeployment.ps1 to disable CRL and OCSP when eschewing keys or increase the timeout in offline scenarios

                      Using the MBAM client in an offline build centre locked down with firewall (and no access to the internet) causes the script to fail as the CRL and OCSP checks are done and the response is not returned in time.

                      3 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                      • Stop installing the MBAM reports in ConfigMgr for every single supported language when only one is needed

                        No reason to install the MBAM reports in ConfigMgr for every language, when only one is needed. Perhaps roll this up under "improve install experience."

                        1 vote
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                        • section 508 compliance at pre-boot

                          bitlocker on the endpoint is virtually unusable for a visually impaired user.

                          when will Microsoft improve this situation, afterall McAffee have been doing this for at least the last two years

                          following link clearly indicates that its not really that complicated

                          https://kc.mcafee.com/corporate/index?page=content&id=KB69853

                          1 vote
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                          • Is MBAM 2.5 SP1 supported on SQL Server 2012 SP3 and 2014 SP2?

                            Support for SQL Server 2012 SP2 ran out in January 2017. Support for 2014 SP1 will run out in October.
                            Is 2012 SP3 and 2014 SP2 supported with MBAM 2.5 SP1?

                            24 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                            • Support/Document using both MBAM Compliance DB and ConfigMgr Integration

                              The documentation for doing SCCM Integration makes it sound like the it is an either/or decision - you can either put the compliance data in MBAM's database or use ConfigMgr hardware inventory to track it. In practice (and described at TechEd 2014), you can store the data in both. This is incredibly useful as the SCCM data is typically used for operational actions (like creating collections to automatically remediate issues), and the MBAM Compliance data is used for historical reporting (like proving that laptop you retired/recyled 2 years ago was encrypted, long after the data is out of ConfigMgr).

                              Please…

                              22 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                              • Where are the MBAM (all versions) Server Configuration Settings after installation?

                                How to access the settings that were applied such as MBAM Adv HelpDesk AD group used? Are they kept in the Registry?
                                Having to upgrade from previous version to new version makes it difficult to retrieve such settings?
                                Is there a way to retrieve the current settings that were applied during the Installation Wizard?

                                1 vote
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                • How does the MBAM Client register into MBAM Webserver/SQL (process flow)?

                                  Is there a simple diagram or explanation on how the MBAM Client process works in regards to the registration of the Key into SQL server?

                                  1 vote
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                  • Microsoft BitLocker Administration and Monitoring to automate and assign them to ticketing tool

                                    s there a way that Microsoft BitLocker Administration and Monitoring console can send those non-compliant systems details to a ticketing tool like Service Now when the systems are non-encrypted or identified. By automating this process, we can track those non-compliant system on a timely manner & remediate solutions as when they appear in servicenow

                                    5 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                    • force escrow of new recovery key after a Bitlocker Recoyery Key was requested

                                      after a recovery key was requested it took Default 90 min. before the recovery is reset and a new key is escrowed. If you reboot the machine before you have to re-enter the recovery key again.

                                      I would like mbam to enforce this reset Independent of the policy Intervall.

                                      15 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                      • Support for later version of Configuration Manager

                                        MBAM 2.5 SP1 to support newer versions of ConfigMgr. Ideally Build 1610 and integration with future current branch builds in a more timely fashion.

                                        3 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                        • What about SQL 2016 server

                                          I believe its just matter of repackaging the installer with correct SQL DACFx component. Can we get an update or manual script to make it work please?

                                          2 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                          ← Previous 1 3 4 5
                                          • Don't see your idea?

                                          Microsoft BitLocker Administration and Monitoring

                                          Feedback and Knowledge Base