Microsoft BitLocker Administration and Monitoring

Welcome to the Microsoft BitLocker Administration and Monitoring customer feedback site! Please submit your ideas or vote for one of the current features suggested below. The engineering team is actively monitoring the site and we want to hear from you!


  1. Multi OS base policy TPM or TPM + PIN

    As new hardware becomes more secure, admins will need to create multi-level OS-specific policies... One policy for the enterprise to allow a combination of supported configurations... Extend what's been done for UEFI and legacy systems, versus multiple policies and multiple sub-OUs.

    1 vote
    • Ability to create device exceptions

      Other encryption solutions allow the ability to add exceptions for single devices (i.e. a specific USB device) or groups of devices (i.e. all USB drives of a certain make/model). I believe it's based on hardware IDs or something else that's unique to each device/group.

      135 votes
      • Automate notification for Non-compliance

        There should be automation in the process of finding the cause of a machine's non-compliance. There should be a method so that administrators can find out the reason for the non-compliance easily enough. If a machine is non-compliant, the MBAM admin can receive a notification about the non-compliance and the reason for it.

        17 votes
        • USB device MBAM client support

          Currently MBAM Client 2.5 does not have any activity in encrypting USB sticks, even if Removable Media policies are configured. USB stick encryption must be done manually with the OS BitLocker control, and it will require printing out the recovery key, since AD recovery is not used because we have MBAM. Printing out the recovery key is problematic and a security risk for end users.

          19 votes
          • Client, Server and Setup general improvements.

            I think that a lot of functionalities are lacking in the Client and Server. The work for whoever is implementing MBAM could be greatly simplified by some additions

            Client:
            - 'Status' tab which shows what the client has sent to the MBAM server, how long ago it sent it, if communications are OK to the server in the last x hours.
            - A list of users that have been associated with the computer so that you know who can request the key in the self service site (this is maybe useless, but it might be good for debugging purposes)

            Server: …

            41 votes

              Hi Miguel, It sounds like you want improved diagnostics. Great feedback. Can you provide more information about the challenges with Setup? You mention confusing online instructions, etc. Can you provide some examples?

            • Client Install Dependencies

              We run into issues with Visual Studio Assemblies (Redistribute Package) updates for the latest MBAM 2.5 client. In the default install, some library is blocked by HP software preinstalled with some drivers. It would be nice if a working set of dependencies, or some troubleshooting of this type, were written up in the knowledge base. In this scenario the client only fails silently after it is run.

              1 vote
                1 comment  ·  Admin →
              • Add Compliance reporting for BitLocker To Go devices in MBAM.

                Right now, MBAM does not report on compliance for BitLocker To Go devices, specifically USB-based devices. I am aware of the GPO to set the devices to read-only if they are not encrypted; however, reporting on compliance in terms of what IS encrypted/unencrypted would be helpful for customers that have strict regulatory compliance audits.

                27 votes
                  under review  ·  1 comment  ·  Admin →
                • What about a diagnostic tool for client-side troubleshooting?

                  I think that a user-friendly tool dedicated to MBAM/BitLocker, more explicit than the Event Log or other log files, can help IT to resolve these cases:
                  - Why does encryption not start?
                  - Is my MBAM server up and ready to escrow the key?
                  - Existing GPO/Regedit conflicting settings?
                  - Is reporting OK?
                  - etc.

                  Regards,
                  Jean-Baptiste

                  93 votes
                  • Provide coherent documentation on how to implement MBAM

                    The TechNet documentation is a perfect example of how not to structure knowledge. I've never seen anything more fragmented and incoherent. Half the content is represented by pointers to other content.

                    20 votes
                    • Multi-Client capability

                      All companies I have been at in the past with BL and MBAM are asking for this to support different departments inside their AD/company.
                      So department A should not be able to get keys from department B, and so on. This should be solved with one instance of MBAM.

                      35 votes
                        under review  ·  1 comment  ·  Admin →
                      • 9 votes
                        • 56 votes
                          • Self-Service Portal on Extranet

                            My customer doesn’t have 24/7 helpdesk support, so it would be a great feature to allow users to get the BitLocker Recovery Key without an Intranet connection (i.e. supported deployment in DMZ, Extranet, …) with the possibility to support strong authentication with or without ADFS.

                            15 votes
                            • 9 votes
                                1 comment  ·  Admin →
                              • Official supportability for Windows Server

                                Customers should have a clear picture of the compliance of all their machines, including servers, not only laptops and workstations. Also, some developers have Windows Server OS on their laptops as their primary OS. And finally, the MBAM agent works on Windows Server if you edit the MSI in the ORCA editor, so why don’t we support it? :)

                                7 votes
                                  1 comment  ·  Admin →