Friday, 16 May 2014

MBAM 2.5 - FORCE a user to encrypt

Finally we can FORCE a user to start BitLocker Drive Encryption via MBAM (Microsoft BitLocker Administration and Monitoring). In previous versions you could configure Group Policy Objects that would prompt users to encrypt. However there was a "Postpone option", which users could use indefinitely. You could view compliance reports to identify culprits, but that wasn't very satisfactory.

Now MBAM 2.5 (shipped with MDOP 2014, released on 13th May 2014) has additional GPOs which greatly enhance the Microsoft encryption offering. 

My favourite is shown below. Simply enable Encryption Policy Enforcement to force encryption.

The policy also allows you to configure a grace period. You can define a number of days, after which encryption will be forced. My standard grace period is 0 days.



  1. Does already deployed version 2.0 MBAM will have the option to initiate forcefully using group policy?

    1. Sorry Adeel, I don't understand the question.