I suggest you ...

Create a computer exemption policy.

Microsoft BitLocker Administration and Monitoring (MBAM) enables you to exempt users from BitLocker Drive Encryption requirements.

This makes no sense - users are not encrypted, computers are encrypted. We need a way to exempt a computer from encryption, regardless of the user logged in.

13 votes
Robert Stein shared this idea

    1 comment

Jack Fetter commented:

You can already do this; simply create a GPO with the opposite (disable) settings as your existing MBAM GPO and apply AFTER (place higher in the list of applied GPOs for each applicable OU) applying the standard GPO. This new GPO is assigned (filtering) to a new AD Security Group (name it something like "BitLocker Encryption Exclude") populated by the computer accounts that you want to exclude. These machines will then be exempt from MBAM encryption policy and/or decrypt if already encrypted...
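
One way to script the arrangement described in the comment above, as an added example that is not part of the original thread or of Microsoft's MBAM tooling. The GPO name, OU paths and computer names are placeholders, and it assumes the ActiveDirectory and GroupPolicy RSAT modules are installed.

```powershell
# Added example. Only the group name comes from the comment; every other
# name below is a hypothetical placeholder to replace with your own.
Import-Module ActiveDirectory, GroupPolicy

$GroupName = 'BitLocker Encryption Exclude'        # name suggested in the comment
$GpoName   = 'MBAM - Exclude From Encryption'      # hypothetical GPO name
$TargetOu  = 'OU=Workstations,DC=example,DC=com'   # hypothetical OU carrying the standard MBAM GPO
$GroupOu   = 'OU=Groups,DC=example,DC=com'         # hypothetical OU for the security group
$Computers = 'KIOSK-01', 'LAB-PC-07'               # constructed computer names

# 1. Security group that holds the computer accounts to exempt.
$group = Get-ADGroup -Filter "Name -eq '$GroupName'"
if (-not $group) {
    $group = New-ADGroup -Name $GroupName -SamAccountName $GroupName `
        -GroupScope Global -GroupCategory Security -Path $GroupOu -PassThru
}
$members = $Computers | ForEach-Object { Get-ADComputer -Identity $_ }
Add-ADGroupMember -Identity $group -Members $members

# 2. Exclusion GPO. Its contents (the MBAM settings set to the opposite of the
#    standard GPO) still have to be configured in the Group Policy editor.
$gpo = New-GPO -Name $GpoName -Comment 'Overrides MBAM encryption policy for exempt computers'

# 3. Security filtering: reduce Authenticated Users from Apply to Read, then
#    grant Apply only to the exclusion group.
Set-GPPermission -Guid $gpo.Id -TargetName 'Authenticated Users' -TargetType Group `
    -PermissionLevel GpoRead -Replace | Out-Null
Set-GPPermission -Guid $gpo.Id -TargetName $GroupName -TargetType Group `
    -PermissionLevel GpoApply | Out-Null

# 4. Link at order 1 so this GPO has the highest precedence on the OU and
#    wins over the standard MBAM GPO linked there.
New-GPLink -Guid $gpo.Id -Target $TargetOu -LinkEnabled Yes -Order 1 | Out-Null

# 5. Review: link order on the OU, and which computers are currently exempt.
(Get-GPInheritance -Target $TargetOu).GpoLinks |
    Select-Object Order, DisplayName, Enabled
Get-ADGroupMember -Identity $group | Select-Object Name, objectClass
```

A computer picks up a new group membership at its next restart, so the exclusion GPO applies only after that. The output of step 5 gives a reviewable record of which machines sit outside the encryption policy.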
