Microsoft BitLocker Administration and Monitoring

Welcome to the Microsoft BitLocker Administration and Monitoring customer feedback site! Please submit your ideas or vote for one of the current features suggested below. The engineering team is actively monitoring the site and we want to hear from you!

I suggest you ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  1. Improve the hotfix and service pack install experience

    For a hotfix, (such as dec 2016 update) customers have to UN-necessarily uninstall mbam server components on the MBAM server and ConfigMgr server and then go through the rigmarole of re-installing them, and that requires that all the data that is needed for the wizard must be re-entered again, this is painful and unnecessary

    the mbam wizards should (imho) be clever enough to auto-populate the data that you entered previously and give you the change to confirm that data and even do it via PowerShell, this is such a time waster particularly when you have to do it on more…

    314 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    • Ability to create device exceptions

      Other encryption solutions allow the ability to add exceptions for single devices (i.e. a specific USB device) or groups of devices (i.e. all USB drives of a certain make/model). I believe it's based on hardware IDs or something else that's unique to each device/group.

      101 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
      • Add support for installing MBAM with SQL Server 2016

        Currently, the installer will block you from installing if you are using SQL Server 2016. SQL Server 2016 was released on June 1, 2016 and Service Pack 1 came out back at the beginning of November 2016.

        For bonus points, don't block future versions of SQL Server during install time! While you may not 'support' them, blocking it means you need to be johnny-on-the-spot with updating the installer, which hasn't been a reality in the past. Block old ones that you know don't work, not future ones that likely will work just fine and handle issues with documentation (eg. "Known…

        91 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
        • What about a diagnostic tool for client side troubleshooting ?

          I think that a user friendly tool dedicated to MBAM/Bitlocker more explicit that EventLog or others logfiles can help IT to resolve this cases :
          - Why encryption not start ?
          - My Mbam server is up and ready to escro the key ?
          - Existing GPO/Regedit conflits settings ?
          - Reporting is OK ?
          - etc.

          Regards,
          Jean-Baptiste

          80 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
          • 79 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
            • Add Configuration Manager Current Branch as supported

              Today the latest version that is stated as supported in the MBAM documentation is 2012. As world is going fast forward we would like to see ConfigMgr CB as supported as well for version 2.5 SP1

              68 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
              • Add pin change to group policy

                Allow customer to define if the want to enforce a pin expiration.

                Allow deployment team to encrypt drive and policy would then cause a user to input pin on first use.

                base on the 30 /60 / 90 or custome quantity of days in the policy.

                58 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                • 53 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                  • Better handling of Computer Renames

                    When a computer is renamed, MBAM never picks up the new name. Instead a new entry is added in MBAM with the new name. There should be a way for the new name to be picked up, and possible show what the previous name was.

                    53 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      1 comment  ·  Admin →
                    • non-US-keyboard support

                      Add Support for non-us Keyboard layout in MBAM/BitLocker Password preboot Screen.

                      the preboot password authentication sets the keyboard layout to US english, so characters not present on this Keyboard cannot be typed although we can use those for BitLocker password.

                      Please add support for more than one keyboard layout.

                      49 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                      • Single Sign On with AD. Instead of unlockin gwith password. Unlock with username and password to match AD

                        Single Sign On with AD. Instead of unlocking with password. Unlock with username and password that match AD

                        48 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                        • Translate new enhanced PINs to US keyboard layout

                          If a user changes the Bitlocker PIN via MBAM Agent with a non US keyboard he has to enter it in a different manner to unlock the PC.

                          For example: "security" would be "securitz" on a PC with German keyboard layout.

                          This causes a lot of problems for the users because they try to enter the German or French version and have to use the recovery key to unlock their workstation.

                          It would be great if setting and using the PIN would use the same keyboard layout.

                          46 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            1 comment  ·  Admin →
                          • Provide computers' history of changes

                            For investigations, I am often confronted with the need to determine when a specific computer has been encrypted for the first time and all the modifications that have been done since that time (protection suspension, etc.).

                            Today with MBAM, we can only retrieve the very last computer's information. It would be great to save audit changes any time some characteristic (on the compliance side) of a machine changes.
                            A new report displaying this information per-machine would be great then.

                            39 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)

                              Can you explain more why the history of changes would be helpful for auditors? If a machine was lost or stolen, wouldn’t the last state be the one you cared about?

                            • Client, Server and Setup general improvements.

                              I think that a lot of functionalities are lacking in the Client and Server. The work for whoever is implementing MBAM could be greatly simplified by some additions

                              Client:
                              - 'Status' tab which shows what the client has sent to the MBAM server, how long ago it sent it, if communications are OK to the server in the last x hours.
                              - A list of users that have been associated with the computer so that you know who can request the key in the self service site (this is maybe useless, but it might be good for debugging purposes)

                              Server: …

                              38 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)

                                Hi Miguel, It sounds like you want improved diagnostics. Great feedback. Can you provide more information about the challenges with Setup? You mention confusing online instructions, etc. Can you provide some examples?

                              • Multiple users

                                MBAM/Bitlocker'ed machines absolutely NEED to be able to have multiple users. Im actually shocked that this is not already available. We need to be able to allow our support staff to have an admin account they can use to log into bitlocker. As well we have machines that have multiple users on them so therefore they need to be able to sign into bitlocker with separate accounts. We also have loaner laptops that we issue on a case by case basis and would need to put an individuals account on it. MBAM should be able to push out user accounts/profiles…

                                38 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                  1 comment  ·  Admin →
                                • MBAM as a Service / selectable option in Azure

                                  Hello

                                  I think MBAM should be offered “as a Service” / selectable option in Azure.

                                  This would save people the unnecessary “hassle” of having to duplicate work / figure it all out themselves - or paying someone else to do it (I know several solution providers are doing this stuff when it should just be a really simple thing for people to setup themselves)

                                  Doing this would speed up adoption / deployments of bitlocker

                                  It should come in a standardised form with a simple wizard to guide people thro the key configuration options.
                                  It should “take care” of fault tolerance…

                                  38 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                  • Multi-Client capability

                                    All companies i have been in the past with BL and MBAM are asking for this to Support different departments inside their AD/Company.
                                    So department A should not be able to get Keys from department B and so on. This should be solved with one instance of MBAM.

                                    35 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                      under review  ·  1 comment  ·  Admin →
                                    • Possibility of more granural access model to MBAM helpdesk and reporting websites

                                      I see one serious drawback of MBAM security model. It seems that there can be only one group for helpdesk (and another for advanced HD).

                                      What I need is possibility to segregate access based on location or division.
                                      Example 1. IT support in India can only provide BitLocker recovery password for Indian machines. Also IT support in Hong-Kong will not be able to get password for non-HK PC.
                                      Example 2. Executive IT support will be the only team capable to get recovery passwords for VIP machines.

                                      29 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                        1 comment  ·  Admin →
                                      • Add Compliance reporting for Bitlocker to Go devices in MBAM.

                                        Right now, MBAM does not report on compliance for Bitlocker To Go devices. Specifically USB based devices. I am aware of the GPO to set the devices to read only if they are not encrypted, however, reporting on compliance in terms of what IS encrypted/un-encrypted would be helpful for customers that have strict regulatory compliance audits.

                                        25 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                          under review  ·  1 comment  ·  Admin →
                                        • Is MBAM 2.5 SP1 supported on SQL Server 2012 SP3 and 2014 SP2?

                                          Support for SQL Server 2012 SP2 ran out in January 2017. Support for 2014 SP1 will run out in October.
                                          Is 2012 SP3 and 2014 SP2 supported with MBAM 2.5 SP1?

                                          24 votes
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                          ← Previous 1 3 4 5
                                          • Don't see your idea?

                                          Microsoft BitLocker Administration and Monitoring

                                          Feedback and Knowledge Base