Microsoft BitLocker Administration and Monitoring

Welcome to the Microsoft BitLocker Administration and Monitoring customer feedback site! Please submit your ideas or vote for one of the current features suggested below. The engineering team is actively monitoring the site and we want to hear from you!

I suggest you ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  1. enhance bitlocker so that a user can be prompted with audible tones

    when to enter the PIN, if its incorrect etc. this would greatly aid visually impaired users.

    it seems such a simple thing, i'm amazed its not already been added

    5 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    • Admin customisable recovery reasons on Self Service Portal

      Currently, the recovery reasons listed on the self service portal are limited to:

      - BIOS changed
      - Operating System files modified
      - Lost Passphrase

      If any other reason is added to the RecoveryControl view, it simply translates to "Other" within the database / reports.

      Could we please have the ability to administratively (replace, or) list additional recovery reasons, at the very least by way of web config?

      When tackling trending failures sending devices in to recovery, having the ability to filter on additional reasons would help narrow fault resolution.

      3 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
      • 79 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
        • UWP and non-GPO applications

          Create a UWP app for managed devices like the Surface Hub.

          7 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
          • Translate new enhanced PINs to US keyboard layout

            If a user changes the Bitlocker PIN via MBAM Agent with a non US keyboard he has to enter it in a different manner to unlock the PC.

            For example: "security" would be "securitz" on a PC with German keyboard layout.

            This causes a lot of problems for the users because they try to enter the German or French version and have to use the recovery key to unlock their workstation.

            It would be great if setting and using the PIN would use the same keyboard layout.

            46 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              1 comment  ·  Admin →
            • is MBAM 2.5 supported to run on SQL 2012 SP3

              is MBAM 2.5 supported to run on SQL 2012 SP3

              4 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
              • Generate a QR Code to request the Bitlocker Recoverykey.

                It would be a create feature to request the Bitlocker Recovery Key by scanning a QR Code with a mobilphone, instead browse to an URL and enter the 8 first digest. For the Security maybe you can combine it with an multifactor authentication.

                23 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                • Force remove PIN on OS Volume

                  Currently changing the group policy from TPM+PIN to TPM only allows the user to remove the PIN if he is an administrator. Why not make it remove the PIN automatically?

                  8 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                  • more verbose error messages

                    provide more verbose error messages for the list Even ID to assist with resolution.

                    9 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                    • After changing fixed drive policy to require auto-unlock, reports show incompliant till the password is removed manually.

                      When changing policy
                      From: Do not allow auto-unlock + Require password for fixed data drive
                      To: Require auto-unlock + Disabled "Configure use of passwords for fixed data drives"
                      The password is no longer required and auto-unlock works as needed.
                      However, in the reports it shows incompliant until the password is manually removed using Admin privileges on the client.

                      1 vote
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                      • Add Configuration Manager Current Branch as supported

                        Today the latest version that is stated as supported in the MBAM documentation is 2012. As world is going fast forward we would like to see ConfigMgr CB as supported as well for version 2.5 SP1

                        68 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                        • Need better instructions for simple setup

                          Need instructions on basic setup without NLB and how to set up application pool account. Do I need to configure SPNs when upgrading if I don't plan to use custom website names or NLB?

                          10 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                          • Multiple users

                            MBAM/Bitlocker'ed machines absolutely NEED to be able to have multiple users. Im actually shocked that this is not already available. We need to be able to allow our support staff to have an admin account they can use to log into bitlocker. As well we have machines that have multiple users on them so therefore they need to be able to sign into bitlocker with separate accounts. We also have loaner laptops that we issue on a case by case basis and would need to put an individuals account on it. MBAM should be able to push out user accounts/profiles…

                            38 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              1 comment  ·  Admin →
                            • Also include a do not allow "READ" access to devices configured in another oganisation

                              This would prevent users from accessing any data on the drive if the computer does not match your predefined identifier. This would be handy in preventing data loss, I find it strange that there is a deny write but no deny read.

                              2 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                              • Add visual clue during start up or logon, that can be background, pix or txt, reflecting status of Bitlocker (enabled, disabled, etc.)

                                Add visual clue during start up or logon, that can be background, pix or txt, reflecting status of Bitlocker (enabled, disabled, etc.)

                                3 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                • Allow resizing of System Drive

                                  Currently causing issues with Operating System Deployment (OSD) since a 100MB drive is too small.

                                  1 vote
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                  • Correct the install documentation

                                    https://technet.microsoft.com/en-us/library/dn645331%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396

                                    So does the web front end need Non-HTTP Activation? This only appears under .NET 3.5 which isn't mentioned in the pre-reqs?

                                    4 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                    • SQL 2014 cannot create the databses from remote

                                      if you try to create the databases from remote on a SQL 2014 box you get an error.

                                      3 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                      • Extend invoke_mbamClientdeployment.ps1 with a parameter to specify protectors

                                        would like to have an Option to specify the protectors like tpm only or tpm and pin.

                                        3 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                        • Permissions Required for SQL: Securityadmin right is needed to create the logins

                                          Permissions Required for SQL: securityadmin right is needed to create the Logins. Create database and processadmin is not enough.

                                          1 vote
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                          • Don't see your idea?

                                          Microsoft BitLocker Administration and Monitoring

                                          Feedback and Knowledge Base