Microsoft BitLocker Administration and Monitoring

Welcome to the Microsoft BitLocker Administration and Monitoring customer feedback site! Please submit your ideas or vote for one of the current features suggested below. The engineering team is actively monitoring the site and we want to hear from you!

I suggest you ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  1. Allow removable media keys to be saved to just MBAM

    We have a number of users that use BitLocker for removable drive encryption. We would like to be able to save our BitLocker keys to just MBAM and not go through AD. We had an issue in the past where BitLocker keys kept replicating in AD and almost brought down the forest. For that reason we moved keys to MBAM but currently Microsoft does not allow you the option to save removable drive keys to just MBAM. Having this option would be a huge asset as we would like to not save them to AD. Really the only option currently…

    49 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    • Move Bitlocker to GO GPO Policies to User Configuration

      Bitlocker to Go Policies are right now under Computer Configuration, which doesn't make much sense. By moving them to the User Configuration, you are able to exclude users from encrypting their usb sticks or not, and not to exclude computers. Maybe, should use implement it for Computer & User Configuration

      12 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        1 comment  ·  Admin →
      • Windows 10 search results

        Dear MBAM Team,

        I'd like you to check about Windows 10 search and BitLocker / MBAM Control Panle items. When default BitLocker control panel item is removed and only MBAM CPL is displayed I'd assume that when I enter "BitLocker" into Windows 10 search it would redirect me to MBAM CPL instead of BitLocker buildin CPL.
        Could you please add option that when MBAM client is installed it will added to Windows 10 search?
        Many thanks

        6 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
        • I wish there was a force update/sync button in the selfservice OR hepdesk url so that we can update mbam right away for remote users.

          I wish there was a force update/sync button in the selfservice OR hepdesk url so that we can update mbam right away for remote users.

          10 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
          • MBAM 2.5 SP1 supported on SQL Server 2017?

            My Customer has updated their databases to SQL 2017. MBAM 2.5 SP does not support this. When will this work?

            6 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
            • Overview of current and upcomming Hotfixes, Updates and Servicepackages

              My customer is looking for an official information page from Microsoft, that grants information about the current and upcomming HotFixes, Updates and Servicepackages. At the official MBAM page "https://technet.microsoft.com/en-us/windows/hh826072.aspx", there is e.g. no Information to the HotFix 6 at "Release Notes" or other Tabs. The only page we found was the blog of Rafal Sosnowski - https://blogs.technet.microsoft.com/dubaisec/2016/05/23/mbam-version-chart/ that grant an overview of the version history. Therefore we suggest a Page/Newsletter or the like, that give an overview of current and upcomming Hotfixes, Updates and Servicepackes.

              12 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
              • IS hardware (or software) encryption in use? Provide visibility into availability and use of per drive hardware encryption.

                Hardware encryption is nearly standard on SSDs, as encryption is a natural companion to write-cycle limited device management. As hardware encryption is standard, users can expect better performance when this is enabled. This is especially important for lower-spec'd machines. Currently, bitlocker gives no indication if hardware or software encryption is used, and users have to run an admin level command line status to get this information.

                Clearly the information is readily available.

                1 vote
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                • Enforce enhanced PIN through MBAM / Bitlocker

                  Enforce enhanced PIN through MBAM / Bitlocker. Currently you can allow enhanced pin via group policy but there is no way of enforcing it.

                  5 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                  • Move MBAM Client features to SCCM

                    Eliminate the MBAM Client for organizations utilizing SCCM. Put MBAM Client functionality into the SCCM client.

                    Leave the client installers for orgs not using SCCM.

                    1 vote
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                    • Allow us to disable the RDP check

                      If a RDP Session is active, MBAM will not begin the encryption process. We should be allowed to bypass that, with a registry key for example.

                      3 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                      • Add a Modify option to the configuration wizard

                        The MBAM configuration wizard has two options Add and Remove. Most similar wizards I have worked with have a 3rd option; Modify. It is ridiculous to have to remove a whole feature just to make a configuration change through the wizard, and then re-enter all of the other information. There should be a Modify option that displays the current settings and allows you to make changes without reinstalling that feature.

                        I recently tried changing the notification text in the self service portal. The change did not display, so I edited the config file to point to the new file. I…

                        3 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                        • encrypted USB stick key is not getting escrow to MBAM Server

                          Question
                          Sign in to vote
                          0
                          Sign in to vote
                          encrypted usb keys are not storing on MBAM servers, we applied policy for removable drives on AD GPO, we can see internal operating system drive keys are getting esrowing to MBAM servers .but not encrypted USB sticks keys, is any one faced similar issue please please advise

                          1 vote
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                          • Change the default names of all the databases in the wizard to remove spaces.

                            When doing the installation of MBAM the default names in the wizard have spaces in them, also there is NO mention in any MBAM documentation that I have read that says spaces can cause issues. I had a SQL DBA bring the possible ramifications to my attention of having spaces in the name.

                            9 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                            • Please clarify in the documentation if MBAM 2.5 is supported on WIndows 10 LTSC Releases

                              The MBAM documentation states Windows 10 Enterprise as a supported OS for the MBAM Agent. If Windows 10 LTSC releases are included is not entirely clear. Please clarify.

                              1 vote
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                              • Add a switch to the existing excutable to immediately report compliance results to the MBAM database...

                                Useful immediately after imaging a new computer or if remediating an issue, not having to wait for the default 720 minutes. Too many times computers are turned off and the data takes a day or two to show up in the MBAM compliance reports, some enterprises won't close WO's until the encryption results show as expected...

                                10 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                • Choose a more clearly rendered font for the Bitlocker recovery key ID

                                  The font chosen for the Bitlocker recovery screen can make some of these characters pretty ambiguous to the user, we've had a number of them incorrectly input S or I characters in place of 5 or 1 which is complicating recovery.

                                  I haven't been able to confirm from the documentation I've searched, but the recovery key appears to be a Hex string. It would be helpful to clarify that if it is the case.

                                  2 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                  • 20 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                    • Mobile version of the self service portal

                                      Using the self service portal from a mobile phone is a frustrating experience. A website dedicated to access via a mobile that is scaled and streamlined for data entry would be fantastic.

                                      5 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                      • configure the MBAM installer to remember the information that was entered if the install fails.

                                        I have had a dozen failures, and each time it fails when I get to the last step, hitting the Add button. The I have to start from the beginning again and enter all of the information over and over and over again..... There is no Back button to allow you to go back if it fails, and none of the information you enter is retained. What a colossal waste of time.

                                        4 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                        • SQL 2016 Always Encrypted Support with MBAM

                                          It would be best to get SQL 2016 Always Encrypted Support with MBAM so Data Security is Heightened.

                                          50 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                          ← Previous 1 3 4 5 6
                                          • Don't see your idea?

                                          Microsoft BitLocker Administration and Monitoring

                                          Feedback and Knowledge Base