Microsoft BitLocker Administration and Monitoring

Welcome to the Microsoft BitLocker Administration and Monitoring customer feedback site! Please submit your ideas or vote for one of the current features suggested below. The engineering team is actively monitoring the site and we want to hear from you!

I suggest you ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  1. Overview of current and upcomming Hotfixes, Updates and Servicepackages

    My customer is looking for an official information page from Microsoft, that grants information about the current and upcomming HotFixes, Updates and Servicepackages. At the official MBAM page "https://technet.microsoft.com/en-us/windows/hh826072.aspx", there is e.g. no Information to the HotFix 6 at "Release Notes" or other Tabs. The only page we found was the blog of Rafal Sosnowski - https://blogs.technet.microsoft.com/dubaisec/2016/05/23/mbam-version-chart/ that grant an overview of the version history. Therefore we suggest a Page/Newsletter or the like, that give an overview of current and upcomming Hotfixes, Updates and Servicepackes.

    3 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    • Please clarify in the documentation if MBAM 2.5 is supported on WIndows 10 LTSC Releases

      The MBAM documentation states Windows 10 Enterprise as a supported OS for the MBAM Agent. If Windows 10 LTSC releases are included is not entirely clear. Please clarify.

      1 vote
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
      • Allow removable media keys to be saved to just MBAM

        We have a number of users that use BitLocker for removable drive encryption. We would like to be able to save our BitLocker keys to just MBAM and not go through AD. We had an issue in the past where BitLocker keys kept replicating in AD and almost brought down the forest. For that reason we moved keys to MBAM but currently Microsoft does not allow you the option to save removable drive keys to just MBAM. Having this option would be a huge asset as we would like to not save them to AD. Really the only option currently…

        40 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
        • Change the default names of all the databases in the wizard to remove spaces.

          When doing the installation of MBAM the default names in the wizard have spaces in them, also there is NO mention in any MBAM documentation that I have read that says spaces can cause issues. I had a SQL DBA bring the possible ramifications to my attention of having spaces in the name.

          9 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
          • Choose a more clearly rendered font for the Bitlocker recovery key ID

            The font chosen for the Bitlocker recovery screen can make some of these characters pretty ambiguous to the user, we've had a number of them incorrectly input S or I characters in place of 5 or 1 which is complicating recovery.

            I haven't been able to confirm from the documentation I've searched, but the recovery key appears to be a Hex string. It would be helpful to clarify that if it is the case.

            2 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
            • Add a switch to the existing excutable to immediately report compliance results to the MBAM database...

              Useful immediately after imaging a new computer or if remediating an issue, not having to wait for the default 720 minutes. Too many times computers are turned off and the data takes a day or two to show up in the MBAM compliance reports, some enterprises won't close WO's until the encryption results show as expected...

              4 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
              • configure the MBAM installer to remember the information that was entered if the install fails.

                I have had a dozen failures, and each time it fails when I get to the last step, hitting the Add button. The I have to start from the beginning again and enter all of the information over and over and over again..... There is no Back button to allow you to go back if it fails, and none of the information you enter is retained. What a colossal waste of time.

                1 vote
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                • Mobile version of the self service portal

                  Using the self service portal from a mobile phone is a frustrating experience. A website dedicated to access via a mobile that is scaled and streamlined for data entry would be fantastic.

                  1 vote
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                  • 17 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                    • Identify TPM as the culprit instead of Bitlocker

                      When users are presented with the famous "Windows Bitlocker Drive Encryption Recovery Key Entry" screen due to TPM lockout it would be very useful to indicate that this was because TPM was locked out and therefore could not automatically unlock the drive.

                      That way focus is on TPM issues instead of giving Bitlocker/MBAM a bad rap.

                      1 vote
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                      • Add a switch on the Invoke-MbamClientDeployment.ps1 to disable CRL and OCSP when eschewing keys or increase the timeout in offline scenarios

                        Using the MBAM client in an offline build centre locked down with firewall (and no access to the internet) causes the script to fail as the CRL and OCSP checks are done and the response is not returned in time.

                        3 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                        • Allow multiple users for preboot amd enforce PIN/Password changes through expiration

                          Allow multiple users for Preboot and enforce PIN/Password changes through expiration(ie: every 90 days).

                          9 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            1 comment  ·  Admin →
                          • Stop installing the MBAM reports in ConfigMgr for every single supported language when only one is needed

                            No reason to install the MBAM reports in ConfigMgr for every language, when only one is needed. Perhaps roll this up under "improve install experience."

                            5 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                            • SQL 2016 Always Encrypted Support with MBAM

                              It would be best to get SQL 2016 Always Encrypted Support with MBAM so Data Security is Heightened.

                              37 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                              • section 508 compliance at pre-boot

                                bitlocker on the endpoint is virtually unusable for a visually impaired user.

                                when will Microsoft improve this situation, afterall McAffee have been doing this for at least the last two years

                                following link clearly indicates that its not really that complicated

                                https://kc.mcafee.com/corporate/index?page=content&id=KB69853

                                1 vote
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                • Create a computer exemption policy.

                                  Microsoft BitLocker Administration and Monitoring (MBAM) enables you to exempt users from BitLocker Drive Encryption requirements.

                                  This makes no sense - users are not encrypted, computers are encrypted. We need a way to exempt a computer from encryption, regardless of the user logged in.

                                  13 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    1 comment  ·  Admin →
                                  • How does the MBAM Client register into MBAM Webserver/SQL (process flow)?

                                    Is there a simple diagram or explanation on how the MBAM Client process works in regards to the registration of the Key into SQL server?

                                    1 vote
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                    • Where are the MBAM (all versions) Server Configuration Settings after installation?

                                      How to access the settings that were applied such as MBAM Adv HelpDesk AD group used? Are they kept in the Registry?
                                      Having to upgrade from previous version to new version makes it difficult to retrieve such settings?
                                      Is there a way to retrieve the current settings that were applied during the Installation Wizard?

                                      1 vote
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                      • Possibility of more granural access model to MBAM helpdesk and reporting websites

                                        I see one serious drawback of MBAM security model. It seems that there can be only one group for helpdesk (and another for advanced HD).

                                        What I need is possibility to segregate access based on location or division.
                                        Example 1. IT support in India can only provide BitLocker recovery password for Indian machines. Also IT support in Hong-Kong will not be able to get password for non-HK PC.
                                        Example 2. Executive IT support will be the only team capable to get recovery passwords for VIP machines.

                                        46 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                        • Implement BitLocker To Go in MBAM.

                                          Most users will encrypt their USB-Media with BitLocker To Go, move Data on it and remove it from Device.
                                          To have recovery key in MBAM database, the USB-Device needs to be connected in unlocked state at the Computer while MBAM Agent will perform it's cycle.

                                          There should be an implementation of BitLocker To Go to store recovery keys in MBAM Database through policy.

                                          28 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                          ← Previous 1 3 4 5
                                          • Don't see your idea?

                                          Microsoft BitLocker Administration and Monitoring

                                          Feedback and Knowledge Base