I suggest you ...

Allow removable media keys to be saved to just MBAM

We have a number of users that use BitLocker for removable drive encryption. We would like to be able to save our BitLocker keys to just MBAM and not go through AD. We had an issue in the past where BitLocker keys kept replicating in AD and almost brought down the forest. For that reason we moved keys to MBAM but currently Microsoft does not allow you the option to save removable drive keys to just MBAM. Having this option would be a huge asset as we would like to not save them to AD. Really the only option currently is to save them to AD or have the user save them locally. If you could please work on this option that would be great!

49 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    CJ shared this idea  ·   ·  Admin →

    2 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Ben Grant commented  · 

        The NTDS.DIT file is with you for the life of your forest. That's why it's important to inspect your DIT regularly and look for signs of unexpected growth. If your DIT is too big, it hurts everyone.

      • CJ commented  · 

        Once thing I forgot to mention is that the issue is that when we back up to just MBAM we cannot hide the recovery option from the user. If we can have the GPO changed to hide the recovery option from the user and only back up to MBAM that would be awesome! Thanks

      Feedback and Knowledge Base