Microsoft BitLocker Administration and Monitoring

Welcome to the Microsoft BitLocker Administration and Monitoring customer feedback site! Please submit your ideas or vote for one of the current features suggested below. The engineering team is actively monitoring the site and we want to hear from you!

I suggest you ...

You've used all your votes and won't be able to post a new idea, but you can still search and comment on existing ideas.

There are two ways to get more votes:

  • When an admin closes an idea you've voted on, you'll get your votes back from that idea.
  • You can remove your votes from an open idea you support.
  • To see ideas you have already voted on, select the "My feedback" filter and select "My open ideas".
(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  1. Please upload the Invoke-MbamClientDeployment.ps1 to MS Downloadcenter, it's not availble for download

    Dear MBAM Team,
    in this whitepaper -> https://technet.microsoft.com/en-us/library/dn645336.aspx
    you're talking about the "Invoke-MbamClientDeployment.ps1" Script and the possibility to download it from Microsoft.com Download Center. However that file cannot be found in the Download Center. Please provide a working link to the script ot at least really upload it to the Download Center.
    Kind Regards
    Alexander

    2 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      You have left! (?) (thinking…)
    • Better handling of Computer Renames

      When a computer is renamed, MBAM never picks up the new name. Instead a new entry is added in MBAM with the new name. There should be a way for the new name to be picked up, and possible show what the previous name was.

      56 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        I agree to the terms of service
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        1 comment  ·  Admin →
      • 1 vote
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          I agree to the terms of service
          Signed in as (Sign out)
          You have left! (?) (thinking…)
        • Multifactor Authentication in MBAM SelfService Portal

          We would like to implement Azure Multifactor Authentication for MBAM SelfService Portal. Is it possible with current MBAM 2.5 setup?

          Currently MBAM SelfService portal is corporate AD authenticated. To secure it more we have Azure Multifactor subscription that we would like implement for dual authentication of MBAM SelfService portal.

          15 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            I agree to the terms of service
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            1 comment  ·  Admin →
          • User exception

            Would like to see improvements in the user exception to allow us to provide a group of users the option to encrypt/ not encrypt removable media on a case by case basis, regardless of which machine they login to. I believe as of now, exemptions are handled by computer policy rather than user policy.

            8 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              I agree to the terms of service
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              1 comment  ·  Admin →
            • Ability to create departments folders

              We need to be able to create folder or OU's for better management

              9 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                I agree to the terms of service
                Signed in as (Sign out)
                You have left! (?) (thinking…)
              • Push Pull option for Client server communication

                Push Pull option for Client server communication to update the encryption keys

                8 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  I agree to the terms of service
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                • Add the option to filter reports by domain

                  In our environment we manage multiple Domains each with their own IT department.
                  In order to be able to provide our users with 24h Support arround the globe we are using a central server setup in our Headquarters to which all IT departments have access.
                  So right now, if I open up the Enterprise Report all devices from all Domains are included in the Report. Here I would like to be able to filter the Report by Domain so I know the compliance the devices in our specific Domain without having to first Export it to Excel and use filters…

                  2 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    I agree to the terms of service
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                  • Provide computers' history of changes

                    For investigations, I am often confronted with the need to determine when a specific computer has been encrypted for the first time and all the modifications that have been done since that time (protection suspension, etc.).

                    Today with MBAM, we can only retrieve the very last computer's information. It would be great to save audit changes any time some characteristic (on the compliance side) of a machine changes.
                    A new report displaying this information per-machine would be great then.

                    39 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      I agree to the terms of service
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)

                      Can you explain more why the history of changes would be helpful for auditors? If a machine was lost or stolen, wouldn’t the last state be the one you cared about?

                    • Add pin change to group policy

                      Allow customer to define if the want to enforce a pin expiration.

                      Allow deployment team to encrypt drive and policy would then cause a user to input pin on first use.

                      base on the 30 /60 / 90 or custome quantity of days in the policy.

                      83 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        I agree to the terms of service
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                      • Provide better information on how to backup and restore MBAM databases

                        Documentation could be much better on backup and restore topic

                        9 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          I agree to the terms of service
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                        • Provide an easy to use DB Cleanup tool

                          Provide an easy to use DB Cleanup tool...overtime as users and machines change, there should be an easy to use tool to report on inactive machines and perform a clean up or even a tool which allows techs to enter a machine name to remove all traces of it from the DB, if desired.

                          15 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            I agree to the terms of service
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            1 comment  ·  Admin →
                          • allow monitoring of workgroup machines

                            allow monitoring of workgroup (non domain) machines

                            6 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              I agree to the terms of service
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                            • Document the SSRS reports customization for large enterprises

                              Allow to define report scope by definable categories to allow federation base on roles. example report base on region,country site and role...

                              10 votes
                              Vote
                              Sign in
                              Check!
                              (thinking…)
                              Reset
                              or sign in with
                              • facebook
                              • google
                                Password icon
                                I agree to the terms of service
                                Signed in as (Sign out)
                                You have left! (?) (thinking…)
                              • Identify TPM Owner Hash by HardwareID

                                Currently the TPM Hash is identified by the Computername, which could change. I think it would be better to use a hardwareID like Serial or UUID instead. Computernames can change, and during a rebuild with computername change you do not even get a new TPM Owner Hash, because TPM is already owned (only way to come around this is to clear TPM during rebuild, unfortunatly you get Physical Presence BIOS Prompts by doing so, so this is not as "unattended" as required).

                                10 votes
                                Vote
                                Sign in
                                Check!
                                (thinking…)
                                Reset
                                or sign in with
                                • facebook
                                • google
                                  Password icon
                                  I agree to the terms of service
                                  Signed in as (Sign out)
                                  You have left! (?) (thinking…)
                                • Integrate DRA to installation requirements and planning

                                  DRA should be in planning and install consideration today no best practices are available ..

                                  3 votes
                                  Vote
                                  Sign in
                                  Check!
                                  (thinking…)
                                  Reset
                                  or sign in with
                                  • facebook
                                  • google
                                    Password icon
                                    I agree to the terms of service
                                    Signed in as (Sign out)
                                    You have left! (?) (thinking…)
                                    1 comment  ·  Admin →
                                  • Customizable challenge /pin screen for all OS supported

                                    Currently no legal notice can be addressed an url links need to be customizable for a enterprise with language support.

                                    2 votes
                                    Vote
                                    Sign in
                                    Check!
                                    (thinking…)
                                    Reset
                                    or sign in with
                                    • facebook
                                    • google
                                      Password icon
                                      I agree to the terms of service
                                      Signed in as (Sign out)
                                      You have left! (?) (thinking…)
                                    • Add Hardware readiness checks

                                      Allow customers to define hardware bios versions they would like to support and security chip configurations compliance out side of PCR checks .. Some he Physical presence for provision needs to be disabled in order to allow n automated build to proceed.. Mbam check for power why not a customer define white list... At mbam client install.. As a prerequisite check...

                                      This can save customers from hours of work per model they support with bitlocker..

                                      2 votes
                                      Vote
                                      Sign in
                                      Check!
                                      (thinking…)
                                      Reset
                                      or sign in with
                                      • facebook
                                      • google
                                        Password icon
                                        I agree to the terms of service
                                        Signed in as (Sign out)
                                        You have left! (?) (thinking…)
                                      • Client side diagnostic for escrow of tpm and drive keys..

                                        Today a install can occur drive escrows but tpm could fail and too late to detect an issue until after a system register to sql db...

                                        There should be a check that when using tpm as a protector that this is checked before you begin encryption..

                                        2 votes
                                        Vote
                                        Sign in
                                        Check!
                                        (thinking…)
                                        Reset
                                        or sign in with
                                        • facebook
                                        • google
                                          Password icon
                                          I agree to the terms of service
                                          Signed in as (Sign out)
                                          You have left! (?) (thinking…)
                                        • Mbam sql backup / extract prcedure or too prior to sql cleanup for aged systems in db..

                                          Create a saftey net so SQL db can be clean up and admin can if they do not have a highly redundant enviroment for dev or test...

                                          This would help admins perform safe cleanups versus not performing this maintence in these environments .

                                          1 vote
                                          Vote
                                          Sign in
                                          Check!
                                          (thinking…)
                                          Reset
                                          or sign in with
                                          • facebook
                                          • google
                                            Password icon
                                            I agree to the terms of service
                                            Signed in as (Sign out)
                                            You have left! (?) (thinking…)
                                          • Don't see your idea?

                                          Microsoft BitLocker Administration and Monitoring

                                          Feedback and Knowledge Base