Microsoft BitLocker Administration and Monitoring

Welcome to the Microsoft BitLocker Administration and Monitoring customer feedback site! Please submit your ideas or vote for one of the current features suggested below. The engineering team is actively monitoring the site and we want to hear from you!

I suggest you ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  1. Document the SSRS reports customization for large enterprises

    Allow to define report scope by definable categories to allow federation base on roles. example report base on region,country site and role...

    10 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    • Client side diagnostic for escrow of tpm and drive keys..

      Today a install can occur drive escrows but tpm could fail and too late to detect an issue until after a system register to sql db...

      There should be a check that when using tpm as a protector that this is checked before you begin encryption..

      2 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
      • Integrate DRA to installation requirements and planning

        DRA should be in planning and install consideration today no best practices are available ..

        3 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          1 comment  ·  Admin →
        • Identify TPM Owner Hash by HardwareID

          Currently the TPM Hash is identified by the Computername, which could change. I think it would be better to use a hardwareID like Serial or UUID instead. Computernames can change, and during a rebuild with computername change you do not even get a new TPM Owner Hash, because TPM is already owned (only way to come around this is to clear TPM during rebuild, unfortunatly you get Physical Presence BIOS Prompts by doing so, so this is not as "unattended" as required).

          10 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
          • Automate notification for Non-compliance

            There should be an automation in the process of finding the cause for the non-compliance of the machine. There should be method so that the administrators can know reason for the non-compliance easy enough. If a machine is non-compliant, MBAM Admin can receive a notification about the non-compliance and the reason for it.

            20 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
            • Ability to create device exceptions

              Other encryption solutions allow the ability to add exceptions for single devices (i.e. a specific USB device) or groups of devices (i.e. all USB drives of a certain make/model). I believe it's based on hardware IDs or something else that's unique to each device/group.

              135 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
              • USB device MBAM client support

                Currenlty MBAM Client 2.5 does not have any activity in encrypting USB sticks, even if Removable Media policies are configured. USB stick encryption must be done manually with OS Bitlocker control, and it will require to print-out the recovery key, since AD recovery is not used because we have MBAM. Printing out Recovery Key is problematic and security risk for end-users.

                19 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                • Client Install Dependencies

                  We run into issues with Visual Studio Assemblies (Redistribute Package) updates for latest MBAM 2.5 client. In default install is some library blocked by HP Software preinstalled with some drivers. Nice, if some in knowledgabase is written working set of dependencies or some of this type of troubleshooting. Client after run only silenty fail with this scenario.

                  1 vote
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    1 comment  ·  Admin →
                  • Client, Server and Setup general improvements.

                    I think that a lot of functionalities are lacking in the Client and Server. The work for whoever is implementing MBAM could be greatly simplified by some additions

                    Client:
                    - 'Status' tab which shows what the client has sent to the MBAM server, how long ago it sent it, if communications are OK to the server in the last x hours.
                    - A list of users that have been associated with the computer so that you know who can request the key in the self service site (this is maybe useless, but it might be good for debugging purposes)

                    Server: …

                    41 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)

                      Hi Miguel, It sounds like you want improved diagnostics. Great feedback. Can you provide more information about the challenges with Setup? You mention confusing online instructions, etc. Can you provide some examples?

                    • 9 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                      • Add Compliance reporting for Bitlocker to Go devices in MBAM.

                        Right now, MBAM does not report on compliance for Bitlocker To Go devices. Specifically USB based devices. I am aware of the GPO to set the devices to read only if they are not encrypted, however, reporting on compliance in terms of what IS encrypted/un-encrypted would be helpful for customers that have strict regulatory compliance audits.

                        28 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          under review  ·  1 comment  ·  Admin →
                        • Provide coherent documentation on how to implement MBAM

                          The technet documentation is a perfect example of how not to structure knowledge. I've never seen anything more fragmented and incoherent. Half the content is represented by pointers to other content.

                          20 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                          • Multi-Client capability

                            All companies i have been in the past with BL and MBAM are asking for this to Support different departments inside their AD/Company.
                            So department A should not be able to get Keys from department B and so on. This should be solved with one instance of MBAM.

                            35 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              under review  ·  1 comment  ·  Admin →
                            • 9 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                                1 comment  ·  Admin →
                              • Self-Service Portal on Extranet

                                My customer doesn’t have 24/7 helpdesk support, so it will be great feature to allow users to get BitLocker Recovery Key without Intranet connection (i.e. supported deployment in DMZ, Extranet, …) with possibility to support strong authentication with or without ADFS.

                                15 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                • What about a diagnostic tool for client side troubleshooting ?

                                  I think that a user friendly tool dedicated to MBAM/Bitlocker more explicit that EventLog or others logfiles can help IT to resolve this cases :
                                  - Why encryption not start ?
                                  - My Mbam server is up and ready to escro the key ?
                                  - Existing GPO/Regedit conflits settings ?
                                  - Reporting is OK ?
                                  - etc.

                                  Regards,
                                  Jean-Baptiste

                                  97 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                  • Official supportability for Windows Server

                                    Customers should have clear picture of the compliance of all their machines including servers not only laptops and workstations. Also some developers have Windows Server OS on their laptops as primary OS. And finally MBAM agent works on Windows Server if you edit MSI in ORCA editor so why don’t we support it?:)

                                    7 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      1 comment  ·  Admin →
                                    • 62 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                      1 2 3 5 Next →
                                      • Don't see your idea?

                                      Microsoft BitLocker Administration and Monitoring

                                      Feedback and Knowledge Base