BitLocker Administration and Monitoring: Part 3

This is the third and final post in a series about MBAM. This post will detail the required GPO’s and will actually recover a key from MBAM.

Group Policy

First, we need to import the Group Policy templates for MBAM. You can download the templates for the entire MDOP pack here: https://microsoft.com/en-us/download/details.aspx?id=41183. Extract the cab file, and copy the BitLockerManagement.admx and BitLockerUserManagement.admx files and the ADML files that corresponds to your language to a domain controller. Insert them into your administrative templates. You will find them at Computer Configuration > Administrative Templates > Windows Components > MDOP MBAM (BitLocker Management). You should set the following policy. It tells the MBAM client where to report.

MDOP MBAM (BitLocker Management) > Client Management

Configure MBAM Services

All other Group Policy options are up to your organization.

You can use the other Group Policies to encrypt the drive. You can also manually encrypt drives using the BitLocker Control Panel applet. You will also notice that there is a new BitLocker Encryption Options Control Panel applet.

1

Recovering a Key

Now that I have a client properly installed, I can recover a key if necessary. I made a BIOS change to my test machine and booted it. You are now presented with a screen that presents a recovery key ID.

2

I can the first 8 characters of the key over to my MBAM self-service page and type it in:

3

After that, I can press Get Key and it will show the recovery key.

The process from the Help Desk portal is the same – input the key and submit. If you want to enter a user domain and ID, you can.

4

Share:

Facebook
Twitter
LinkedIn

Contact Us

On Key

More Posts

Mastering Azure AD Connect - A Comprehensive Guide by WME
Active Directory

Mastering Azure AD Connect – A Comprehensive Guide

Modern businesses are fast moving toward cloud-based infrastructure. In fact, cloud-based business is not just a trend anymore but a strategic necessity. Microsoft’s Azure Active Directory (Azure AD) has become a frontrunner in this domain. It

Read More »
Security Best Practices in SharePoint
Office 365

Security Best Practices in SharePoint

Microsoft SharePoint is an online collaboration platform that integrates with Microsoft Office. You can use it to store, organize, share, and access information online. SharePoint enables collaboration and content management and ultimately allows your teams to

Read More »
The Ultimate Guide to Microsoft Intune - Article by WME
Active Directory

The Ultimate Guide to Microsoft Intune

The corporate world is evolving fast. And with that, mobile devices are spreading everywhere. As we venture into the year 2024, they have already claimed a substantial 55% share of the total corporate device ecosystem. You

Read More »
Protecting Microsoft 365 from on-Premises Attacks
Cloud Security

How to Protect Microsoft 365 from On-Premises Attacks?

Microsoft 365 is diverse enough to enrich the capabilities of many types of private businesses. It complements users, applications, networks, devices, and whatnot. However, Microsoft 365 cybersecurity is often compromised and there are countless ways that

Read More »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.