%3CLINGO-SUB%20id%3D%22lingo-sub-1279246%22%20slang%3D%22en-US%22%3EConfigMgr%20Bitlocker%20Management%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1279246%22%20slang%3D%22en-US%22%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EHi%20Folks!%20I%E2%80%99m%20Naveen%20kanneganti%20and%20Welcome%20to%20my%20blogpost.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EConfigmgr%20has%20release%20BitLocker%20Drive%20Encryption%20(BDE)%20in%20v1910%20for%20on-premises%20Windows%20clients%20running%20Windows%2010%20or%20Windows%208.1.%20This%20feature%20is%20optional%20so%2C%20you%20must%20enable%20this%20feature%20before%20using%20it.%20Enable%20co-management%20and%20benefit%20from%20cloud-based%20BitLocker%20management%20with%20Microsoft%20Intune%20is%20the%20best%20approach.%20However%2C%20there%20are%20scenario%E2%80%99s%20where%20cloud%20is%20not%20an%20option%20and%20require%20managing%20on-premises%20clients.%20configmgr%20gives%20this%20capability%20from%20V1910%20and%20can%20replace%20the%20use%20of%20Microsoft%20BitLocker%20Administration%20and%20Monitoring%20(MBAM).%20This%20post%20is%20intended%20to%20give%20you%20guidance%20to%20implement%20Configmgr%20Bitlocker%20management%2C%20monitoring%20and%20troubleshooting.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EConfigmgr%20will%20provide%20the%20following%20BitLocker%20management%20capabilities%3A%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-1116914512%22%20id%3D%22toc-hId-1116914486%22%3E%26nbsp%3B%3C%2FH3%3E%0A%3CH3%20id%3D%22toc-hId--690539951%22%20id%3D%22toc-hId--690539977%22%3E%3CSTRONG%3EClient%20deployment%3C%2FSTRONG%3E%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3EBitlocker%20client%20deployment%20with%20seamless%20experience%20in%20configmgr%20console%20to%20manage%20devices%20running%20Windows%2010%20or%20Windows%208.1%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH3%20id%3D%22toc-hId-1796972882%22%20id%3D%22toc-hId-1796972856%22%3E%3CSTRONG%3EManage%20encryption%20policies%3C%2FSTRONG%3E%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3EBitlocker%20Drive%20Encryption%20-%20Settings%20like%20drive%20encryption%20and%20cipher%20strength%20on%20Operating%20System%20Drives%2C%20Fixed%20Data%20Drives%20and%20Removable%20Data%20Drives.ConfigMgr%201910%20only%20supports%20starting%20encryption%20on%20the%20OS%20drive.%20It%20does%20not%20support%20starting%20encryption%20on%20Fixed%20or%20Removable%20drives%20but%20support%20compliance%20reporting%20.ConfigMgr%202002%20supports%20Encryption%20of%20Fixed%20and%20Removable%20drives.%3C%2FLI%3E%0A%3CLI%3EClient%20Management%20-%20settings%20like%20Bitlocker%20recovery%20information%20to%20be%20store%20and%20client%20checking%20status%20frequency%3C%2FLI%3E%0A%3CLI%3E%3CP%3ECompliance%20-%20Starting%20with%20ConfigMgr%202002%20you%20can%20force%20users%20to%20get%20compliant%20with%20new%20security%20policies%3C%2FP%3E%0A%3C%2FLI%3E%0A%3CLI%3EOS%20Drive%20Management%20-%20Settings%20like%20protector%20for%20OS%20drive%2C%20minimum%20PIN%20length%3C%2FLI%3E%0A%3CLI%3EAuto%20Unlock%20-%20When%20a%20user%20unlocks%20the%20OS%20drive%20specify%20whether%20to%20unlock%20only%20an%20OS%20drive%20or%20all%20attached%20drives.%3C%2FLI%3E%0A%3CLI%3ESetting%20PIN%2FPassword%20-Customize%20your%20organization's%20security%20profile%20on%20a%20per%20device%20basis.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH3%20id%3D%22toc-hId--10481581%22%20id%3D%22toc-hId--10481607%22%3E%3CSTRONG%3ECompliance%20reports%3C%2FSTRONG%3E%3C%2FH3%3E%0A%3CP%3EBuilt-in%20reports%2C%20currently%20available%20are%3A%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EEncryption%20status%20per%20volume%20or%20per%20device%3C%2FLI%3E%0A%3CLI%3EThe%20primary%20user%20of%20the%20device%3C%2FLI%3E%0A%3CLI%3ECompliance%20status%3C%2FLI%3E%0A%3CLI%3EReasons%20for%20non-compliance%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH3%20id%3D%22toc-hId--1817936044%22%20id%3D%22toc-hId--1817936070%22%3E%3CSTRONG%3EAdministration%20and%20monitoring%20website%3C%2FSTRONG%3E%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3EUser%20admins%20outside%20of%20Configmgr%20console%20able%20to%20help%20with%20key%20recovery%20including%20key%20rotation%20and%20other%20BitLocker-related%20support%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CH3%20id%3D%22toc-hId-669576789%22%20id%3D%22toc-hId-669576763%22%3E%3CSTRONG%3EUser%20self-service%20portal%3C%2FSTRONG%3E%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3EUsers%20able%20to%20get%20single-use%20key%20for%20unlocking%20a%20BitLocker%20encrypted%20device.%20Once%20this%20key%20is%20used%2C%20it%20generates%20a%20new%20key%20for%20the%20device.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId-659073685%22%20id%3D%22toc-hId-659073659%22%3E%3CSTRONG%3EDeploy%20and%20Use%20Bitlocker%20%3C%2FSTRONG%3E%3C%2FH2%3E%0A%3CP%3EConfigmgr%201910%20introduce%20Bitlocker%20management%20to%20manage%20manage%20BitLocker%20Drive%20Encryption%20(BDE)%20for%20configmgr%20managed%20devices.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3EPrerequisites%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EAdministrator%20users%20require%20full%20administrator%20Role%20in%20configmgr%20to%20create%20Bitlocker%20management%20policies%3C%2FLI%3E%0A%3CLI%3Efor%20configmgr%201910%20%2CHttps-enabled%20management%20Point%20is%20required%20to%20integrate%20Bitlocker%20recovery%20service%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%20class%3D%22lia-indent-padding-left-60px%22%3E%3CEM%3ENote%3A%20if%20no%20HTTPS%20MP%20found%2C%20client%20will%20show%20%E2%80%9Cunable%20to%20find%20suitable%20recovery%20service%20MP%E2%80%9D%20in%20bitlockermanagementhandler.log%3C%2FEM%3E%3C%2FP%3E%0A%3CP%20class%3D%22lia-indent-padding-left-60px%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Naveen_Kanneganti_0-1585926100333.png%22%20style%3D%22width%3A%20773px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181906i6E4C2801E5A07768%2Fimage-dimensions%2F773x215%3Fv%3D1.0%22%20width%3D%22773%22%20height%3D%22215%22%20role%3D%22button%22%20title%3D%22Naveen_Kanneganti_0-1585926100333.png%22%20alt%3D%22Naveen_Kanneganti_0-1585926100333.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EIn%20ConfigMgr%202002%20%2C%20https%20Management%20point%20is%20not%20mandatory%20to%20work%20however%2C%20just%20HTTPS-enable%20the%20IIS%20website%20on%20the%20management%20point%20that%20hosts%20the%20recovery%20service%20is%20required%3C%2FLI%3E%0A%3CLI%3EClient%20computers%20need%20to%20join%20on-premises%20Active%20directory%3C%2FLI%3E%0A%3CLI%3EReporting%20services%20point%20is%20required%20to%20use%20reports%3C%2FLI%3E%0A%3CLI%3EIIS%20server%20is%20required%20to%20use%20self-service%20portal%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3EFor%20more%20information%2C%20please%20see%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fconfigmgr%2Fprotect%2Fplan-design%2Fbitlocker-management%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fconfigmgr%2Fprotect%2Fplan-design%2Fbitlocker-management%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EFollowing%20is%20the%20step%20by%20step%20procedure%20to%20enable%20Bitlocker%20on%20configmgr%20Managed%20Devices%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-1349635159%22%20id%3D%22toc-hId-1349635133%22%3E%3CSTRONG%3EBitlocker%20Management%20Control%20Policy%20%3C%2FSTRONG%3E%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3EOpen%20the%20SCCM%20console%3C%2FLI%3E%0A%3CLI%3EGo%20to%20%3CSTRONG%3EAssets%20and%20Compliance%5COverview%5CEndpoint%20Protection%5CBitLocker%20Management%3C%2FSTRONG%3E%3C%2FLI%3E%0A%3CLI%3ERight-click%20%3CSTRONG%3EBitLocker%20Management%3C%2FSTRONG%3E%20and%20click%20%3CSTRONG%3ECreate%20Bitlocker%20Management%20Control%20Policy%3C%2FSTRONG%3E%3C%2FLI%3E%0A%3CLI%3EGive%20the%20name%3C%2FLI%3E%0A%3CLI%3ESelect%20%3CSTRONG%3EClient%20Management%3C%2FSTRONG%3E%20and%20%3CSTRONG%3EOperating%20System%20Drive%3C%2FSTRONG%3E%20and%20then%20click%20%3CSTRONG%3ENext%3C%2FSTRONG%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%20class%3D%22lia-indent-padding-left-60px%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Naveen_Kanneganti_1-1585926182399.png%22%20style%3D%22width%3A%20597px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181910iA9B99C057972CA53%2Fimage-dimensions%2F597x437%3Fv%3D1.0%22%20width%3D%22597%22%20height%3D%22437%22%20role%3D%22button%22%20title%3D%22Naveen_Kanneganti_1-1585926182399.png%22%20alt%3D%22Naveen_Kanneganti_1-1585926182399.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EOn%20the%20%3CSTRONG%3ESetup%3C%2FSTRONG%3E%20page%20select%20desired%20options%20as%20shown%20below%3CUL%20class%3D%22lia-list-style-type-circle%22%3E%0A%3CLI%3EExample%3CUL%20class%3D%22lia-list-style-type-circle%22%3E%0A%3CLI%3EChoose%20a%20drive%20encryption%20and%20cipher%20strength%20(windows%2010)%3A%20Enabled%3C%2FLI%3E%0A%3CLI%3EOperating%20System%20Drives%3A%20XTS-AES%20256-bit%3C%2FLI%3E%0A%3CLI%3EFixed%20Data%20Drives%3A%20XTS-AES%20256-bit%3C%2FLI%3E%0A%3CLI%3ERemovable%20Data%20Drives%3A%20XTS-AES%20256-bit%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%20class%3D%22lia-indent-padding-left-60px%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Naveen_Kanneganti_2-1585926182406.png%22%20style%3D%22width%3A%20577px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181909i2ED070B8BDDBEA11%2Fimage-dimensions%2F577x472%3Fv%3D1.0%22%20width%3D%22577%22%20height%3D%22472%22%20role%3D%22button%22%20title%3D%22Naveen_Kanneganti_2-1585926182406.png%22%20alt%3D%22Naveen_Kanneganti_2-1585926182406.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EOn%20%3CSTRONG%3EClient%20Management%3C%2FSTRONG%3E%20page%2C%20select%20desired%20options%20as%20shown%20below%20and%20click%3CSTRONG%3E%20Next%3C%2FSTRONG%3E%3CUL%20class%3D%22lia-list-style-type-circle%22%3E%0A%3CLI%3EExample%3A%3CUL%20class%3D%22lia-list-style-type-circle%22%3E%0A%3CLI%3EConfigure%20Bitlocker%20Management%20Services%3A%20Enabled%3C%2FLI%3E%0A%3CLI%3ESelect%20bitlocker%20recovery%20information%3A%20Recovery%20password%20and%20key%20package%3C%2FLI%3E%0A%3CLI%3ECheck%20the%20box%20Allow%20recovery%20information%20to%20be%20stored%20in%20plain%20text%3CUL%20class%3D%22lia-list-style-type-circle%22%3E%0A%3CLI%3E%3CEM%3ENote%3A%20%3C%2FEM%3E%3CEM%3Eif%20no%20Bitlocker%20management%20encryption%20certificate%2C%20you%20can%E2%80%99t%20continue%20to%20next%20tab%20without%20check%20box%20%E2%80%9CAllow%20recovery%20information%20to%20be%20stored%20in%20plain%20text%22.%20%3C%2FEM%3E%20%3CEM%3Eif%20you%20consider%20encrypting%20key%20recovery%20information%20in%20site%20database%20at%20later%20stage%20you%20can%20do%20so%20%3C%2FEM%3E%3CEM%3Efollow%20the%20article%20%3C%2FEM%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fconfigmgr%2Fprotect%2Fdeploy-use%2Fbitlocker%2Fencrypt-recovery-data%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%3CEM%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fconfigmgr%2Fprotect%2Fdeploy-use%2Fbitlocker%2Fencrypt-recovery-data%26nbsp%3B%3C%2FEM%3E%3C%2FA%3E%3CEM%3Eto%20encrypt%20key%20recovery%20info%20in%20database%3C%2FEM%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FLI%3E%0A%3CLI%3EEnter%20client%20checking%20status%20frequency%20in%20(minutes)%3A%2090%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%20class%3D%22lia-indent-padding-left-60px%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Naveen_Kanneganti_3-1585926182475.png%22%20style%3D%22width%3A%20598px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181911i8145B4C1DF267ACC%2Fimage-dimensions%2F598x495%3Fv%3D1.0%22%20width%3D%22598%22%20height%3D%22495%22%20role%3D%22button%22%20title%3D%22Naveen_Kanneganti_3-1585926182475.png%22%20alt%3D%22Naveen_Kanneganti_3-1585926182475.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EOn%20%3CSTRONG%3EOperating%20System%20Drive%3C%2FSTRONG%3E%20page%2C%20select%20desired%20options%20as%20shown%20below%20and%20click%20%3CSTRONG%3ENext%3C%2FSTRONG%3E%3CUL%20class%3D%22lia-list-style-type-circle%22%3E%0A%3CLI%3EExample%3A%3CUL%20class%3D%22lia-list-style-type-circle%22%3E%0A%3CLI%3EOperating%20System%20Drive%20Encryption%20Settings%3A%20Enabled%3C%2FLI%3E%0A%3CLI%3EAllow%20Bitlocker%20without%20a%20compatible%20TPM%20(requires%20a%20password)%3A%20Allow%3C%2FLI%3E%0A%3CLI%3ESelect%20protector%20for%20operation%20system%20drive%3A%20TPM%20only%3C%2FLI%3E%0A%3CLI%3EConfigure%20minimum%20PIN%20length%20for%20startup%3A%204%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%20class%3D%22lia-indent-padding-left-60px%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Naveen_Kanneganti_4-1585926182534.png%22%20style%3D%22width%3A%20608px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181912i657E25867B00CF83%2Fimage-dimensions%2F608x482%3Fv%3D1.0%22%20width%3D%22608%22%20height%3D%22482%22%20role%3D%22button%22%20title%3D%22Naveen_Kanneganti_4-1585926182534.png%22%20alt%3D%22Naveen_Kanneganti_4-1585926182534.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EOn%20the%20%3CSTRONG%3ESummary%3C%2FSTRONG%3E%20Page%2C%20review%20your%20choices%20and%20click%20%3CSTRONG%3ENext%3C%2FSTRONG%3E%3C%2FLI%3E%0A%3CLI%3EOn%20the%20%3CSTRONG%3ECompletion%3C%2FSTRONG%3E%20Page%2C%20close%20the%20wizard.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId--457819304%22%20id%3D%22toc-hId--457819330%22%3E%3CSTRONG%3EDeploy%20Bitlocker%20Management%20Control%20Policy%20%3C%2FSTRONG%3E%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3ERight%20click%20on%20created%20%3CSTRONG%3EPS0%20Bitlocker%20Management%20Policy%3C%2FSTRONG%3E%20and%20click%3CSTRONG%3E%20Deploy%3C%2FSTRONG%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%20class%3D%22lia-indent-padding-left-60px%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Naveen_Kanneganti_5-1585926253509.png%22%20style%3D%22width%3A%20639px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181914i6E55CC9C4F508EF8%2Fimage-dimensions%2F639x222%3Fv%3D1.0%22%20width%3D%22639%22%20height%3D%22222%22%20role%3D%22button%22%20title%3D%22Naveen_Kanneganti_5-1585926253509.png%22%20alt%3D%22Naveen_Kanneganti_5-1585926253509.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3ESelect%20desired%20collection%20and%20simple%20schedule%3C%2FLI%3E%0A%3CLI%3EClick%20%3CSTRONG%3Eok%3C%2FSTRONG%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%20class%3D%22lia-indent-padding-left-60px%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Naveen_Kanneganti_6-1585926253533.png%22%20style%3D%22width%3A%20628px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181913iB895D65D31936B35%2Fimage-dimensions%2F628x778%3Fv%3D1.0%22%20width%3D%22628%22%20height%3D%22778%22%20role%3D%22button%22%20title%3D%22Naveen_Kanneganti_6-1585926253533.png%22%20alt%3D%22Naveen_Kanneganti_6-1585926253533.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3E%26nbsp%3B%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-2029693529%22%20id%3D%22toc-hId-2029693503%22%3E%3CSTRONG%3EMonitoring%3C%2FSTRONG%3E%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3EMonitor%20the%20progress%20at%20%3CINSTALL%20location%3D%22%22%3E%5CLogs%5Cmpcontrol.log.%20When%20completed%20you%E2%80%99ll%20have%20the%20following%20lines%20in%20the%20log%3C%2FINSTALL%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%20class%3D%22lia-indent-padding-left-60px%22%3ESuccessfully%20ran%20'C%3A%5CWindows%5Csystem32%5CWindowsPowerShell%5Cv1.0%5CPowerShell.exe%20-ExecutionPolicy%20RemoteSigned%20-File%20%22C%3A%5CProgram%20Files%5CMicrosoft%20Configuration%20Manager%5Cbin%5Cx64%5Cmbamrecoveryserviceinstaller.ps1%22'.%20Exit%20code%20%3D%200.%3C%2FP%3E%0A%3CP%20class%3D%22lia-indent-padding-left-60px%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20class%3D%22lia-indent-padding-left-60px%22%3EHandleMPRegistryChanges()%3A%20EnableMBAM()%20succeeded.%3C%2FP%3E%0A%3CP%20class%3D%22lia-indent-padding-left-60px%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Naveen_Kanneganti_7-1585926253618.png%22%20style%3D%22width%3A%20632px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181915iD09C5CA728640363%2Fimage-dimensions%2F632x346%3Fv%3D1.0%22%20width%3D%22632%22%20height%3D%22346%22%20role%3D%22button%22%20title%3D%22Naveen_Kanneganti_7-1585926253618.png%22%20alt%3D%22Naveen_Kanneganti_7-1585926253618.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EThe%20following%20SMS_MP_MBAM%20service%20is%20created%20in%20IIS%20at%20%3CSTRONG%3ESites%5CDefault%20Web%20Site%5CSMS_MP_MBAM%3C%2FSTRONG%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%20class%3D%22lia-indent-padding-left-60px%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Naveen_Kanneganti_8-1585926253698.png%22%20style%3D%22width%3A%20618px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181918i454EDC1EB90D2B90%2Fimage-dimensions%2F618x821%3Fv%3D1.0%22%20width%3D%22618%22%20height%3D%22821%22%20role%3D%22button%22%20title%3D%22Naveen_Kanneganti_8-1585926253698.png%22%20alt%3D%22Naveen_Kanneganti_8-1585926253698.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3E%26nbsp%3B%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId--472924413%22%20id%3D%22toc-hId--472924439%22%3E%3CSTRONG%3EClient%20%3C%2FSTRONG%3E%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3EWhen%20the%20%3CSTRONG%3EBitlocker%20Management%20Control%20Policy%3C%2FSTRONG%3E%20is%20deployed%20successfully%2C%20you%20will%20see%20%3CSTRONG%3EMDOP%20MABM%3C%2FSTRONG%3E%20program%20installed%20at%20%3CSTRONG%3EControl%20Panel%5CPrograms%5CPrograms%20and%20Features%3C%2FSTRONG%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%20class%3D%22lia-indent-padding-left-60px%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Naveen_Kanneganti_10-1585926253789.png%22%20style%3D%22width%3A%20631px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181916i6474573574D367F7%2Fimage-dimensions%2F631x186%3Fv%3D1.0%22%20width%3D%22631%22%20height%3D%22186%22%20role%3D%22button%22%20title%3D%22Naveen_Kanneganti_10-1585926253789.png%22%20alt%3D%22Naveen_Kanneganti_10-1585926253789.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EReg%20keys%20are%20created%20as%20shown%20below%20at%20%3CSTRONG%3EComputer%5CHKEY_LOCAL_MACHINE%5CSOFTWARE%5CPolicies%5CMicrosoft%5CFVE%5CMDOPBitLockerManagement%3C%2FSTRONG%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%20class%3D%22lia-indent-padding-left-60px%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Naveen_Kanneganti_11-1585926253798.png%22%20style%3D%22width%3A%20594px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181920iF28E7072E6AD2718%2Fimage-dimensions%2F594x315%3Fv%3D1.0%22%20width%3D%22594%22%20height%3D%22315%22%20role%3D%22button%22%20title%3D%22Naveen_Kanneganti_11-1585926253798.png%22%20alt%3D%22Naveen_Kanneganti_11-1585926253798.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EThe%20following%202%20log%20files%20are%20created%20at%20%3CSTRONG%3Ec%3A%5Cwindows%5Cccm%5Clogs%3C%2FSTRONG%3E%3C%2FLI%3E%0A%3CLI%3EBitlockerManagement_GroupPolicyHandler.log%3C%2FLI%3E%0A%3CLI%3EBitlockerManagementHandler.log%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%20class%3D%22lia-indent-padding-left-60px%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Naveen_Kanneganti_12-1585926253801.png%22%20style%3D%22width%3A%20648px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181919i5016777DB30916FD%2Fimage-dimensions%2F648x127%3Fv%3D1.0%22%20width%3D%22648%22%20height%3D%22127%22%20role%3D%22button%22%20title%3D%22Naveen_Kanneganti_12-1585926253801.png%22%20alt%3D%22Naveen_Kanneganti_12-1585926253801.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3ECheck%20if%20the%20client%20can%20find%20Management%20from%20BitlockerManagementHandler.log%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%20class%3D%22lia-indent-padding-left-60px%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Naveen_Kanneganti_13-1585926253806.png%22%20style%3D%22width%3A%20637px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181921iBD8C008E3B39B5E4%2Fimage-dimensions%2F637x274%3Fv%3D1.0%22%20width%3D%22637%22%20height%3D%22274%22%20role%3D%22button%22%20title%3D%22Naveen_Kanneganti_13-1585926253806.png%22%20alt%3D%22Naveen_Kanneganti_13-1585926253806.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3E%26nbsp%3B%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-2014588420%22%20id%3D%22toc-hId-2014588394%22%3E%3CSTRONG%3EBitlocker%20Encryption%20on%20clients%20%3C%2FSTRONG%3E%3C%2FH3%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH4%20id%3D%22toc-hId-336216676%22%20id%3D%22toc-hId-336216650%22%3E%3CSTRONG%3EUse%20Case%201%3A%3C%2FSTRONG%3E%3C%2FH4%3E%0A%3CP%3EWhen%20a%20BitLocker%20Management%20policy%20is%20deployed%20to%20configmgr%20managed%20device%2C%20a%20wizard%20will%20pop%20on%20the%20device%20prompting%20the%20user%20to%20start%20the%20bitlocker%20encryption.%20This%20is%20the%20recommend%20and%20primary%20method%20to%20use.%20you%20can%20also%20enable%20BitLocker%20via%20Task%20Sequences%20or%20%E2%80%9Cmanually%E2%80%9D%20via%20manage-bde%2Fscripts.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EOn%20a%20new%20computer%20you%20may%20run%20these%20commands%20manually%20or%20using%20task%20sequence%20during%20OSD%20or%20other%20methods%20to%20enable%20Bitlocker%20drive%20encryption%20and%20escrow%20keys%20to%20configmgr.%20Here%20is%20some%20guidance%20to%20help%20with%20commands%2C%20monitor%20and%20troubleshooting%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3ERun%20Powershell%20command%20%3CSTRONG%3Egwmi%20-class%20mbam_volume%20-Namespace%20root%5Cmicrosoft%5Cmbam%3C%2FSTRONG%3E.%20search%20for%20%3CSTRONG%3ECompliant%20%3C%2FSTRONG%3Eand%3CSTRONG%3E%20ReasonsForNoncompliance%3C%2FSTRONG%3E%3CUL%20class%3D%22lia-list-style-type-circle%22%3E%0A%3CLI%3E%3CEM%3ENote%3A%20the%20codes%20shown%20at%20ReasonsForNoncompliance%20gives%20the%20reasons%20for%20non-compliant%20state%20which%20helps%20during%20troubleshooting%3C%2FEM%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CUL%20class%3D%22lia-list-style-type-circle%22%3E%0A%3CLI%20style%3D%22list-style-type%3A%20none%3B%22%3E%3CUL%20class%3D%22lia-list-style-type-circle%22%3E%0A%3CLI%3EIn%20this%20case%3A%3CUL%20class%3D%22lia-list-style-type-circle%22%3E%0A%3CLI%3ECompliant%20%3A0%20%5B%20non-Compliant%5D%3C%2FLI%3E%0A%3CLI%3EReasonsForNoncompliance%3A%20%7B1%2C16%2C3%7D%20%5B%20For%20codes%20information%2C%20please%20see%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fconfigmgr%2Fprotect%2Ftech-ref%2Fbitlocker%2Fnon-compliance-codes%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fconfigmgr%2Fprotect%2Ftech-ref%2Fbitlocker%2Fnon-compliance-codes%3C%2FA%3E%20%5D%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3ERun%20Powershell%20command%20%3CSTRONG%3EManage-bde%20-status%3C%2FSTRONG%3E%20and%20check%20results%20as%20shown%20below%3CUL%20class%3D%22lia-list-style-type-circle%22%3E%0A%3CLI%3EIn%20this%20case%3A%3CUL%20class%3D%22lia-list-style-type-circle%22%3E%0A%3CLI%3EFully%20decrypted%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%20class%3D%22lia-indent-padding-left-60px%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Naveen_Kanneganti_14-1585926487480.png%22%20style%3D%22width%3A%20650px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181922i78C17AC6B68F1A70%2Fimage-dimensions%2F650x652%3Fv%3D1.0%22%20width%3D%22650%22%20height%3D%22652%22%20role%3D%22button%22%20title%3D%22Naveen_Kanneganti_14-1585926487480.png%22%20alt%3D%22Naveen_Kanneganti_14-1585926487480.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EIn%20this%20scenario%2C%20Run%20Powershell%20command%20%3CSTRONG%3EManage-bde%20-on%20c%3A%20%3C%2FSTRONG%3Eand%20restart%20computer%20to%20begin%20encryption%20of%20C%20drive%20by%20Bitlocker%20Drive%20Encryption%20(BDE)%3C%2FLI%3E%0A%3CLI%3ENote%3A%20once%20the%20client%20receives%20the%20policy%2C%20Microsoft%20Bitlocker%20Administration%20and%20Monitoring%20wizard%20should%20popup%20on%20the%20clients%20(MBAM%20wizard%20may%20not%20appear%20for%20RDP%2FHyper%20V).%26nbsp%3B%3CP%3Ethis%20is%20the%20primary%20or%20recommended%20method%20to%20start%20the%20bitlocker%20encryption%3C%2FP%3E%0A%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%20class%3D%22lia-indent-padding-left-60px%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Naveen_Kanneganti_15-1585926487528.png%22%20style%3D%22width%3A%20638px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181924i5BD7A6AB2A10A818%2Fimage-dimensions%2F638x328%3Fv%3D1.0%22%20width%3D%22638%22%20height%3D%22328%22%20role%3D%22button%22%20title%3D%22Naveen_Kanneganti_15-1585926487528.png%22%20alt%3D%22Naveen_Kanneganti_15-1585926487528.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3ERun%20Powershell%20command%20%3CSTRONG%3EManage-bde%20-status%3C%2FSTRONG%3E%20to%20check%20the%20status%20of%20bitlocker%20drive%20encryption%20(BDE)%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%20class%3D%22lia-indent-padding-left-60px%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Naveen_Kanneganti_16-1585926487556.png%22%20style%3D%22width%3A%20645px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181923i35BDBD1B152B9FE1%2Fimage-dimensions%2F645x250%3Fv%3D1.0%22%20width%3D%22645%22%20height%3D%22250%22%20role%3D%22button%22%20title%3D%22Naveen_Kanneganti_16-1585926487556.png%22%20alt%3D%22Naveen_Kanneganti_16-1585926487556.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3ERun%20Powershell%20command%20%3CSTRONG%3Egwmi%20-class%20mbam_volume%20-Namespace%20root%5Cmicrosoft%5Cmbam%3C%2FSTRONG%3E.%20search%20for%3CSTRONG%3E%20Compliant%20%3C%2FSTRONG%3Eand%20%3CSTRONG%3EReasonsForNoncompliance%3C%2FSTRONG%3E%3CUL%20class%3D%22lia-list-style-type-circle%22%3E%0A%3CLI%3E%3CEM%3ENote%3A%20the%20codes%20shown%20at%20ReasonsForNoncompliance%20gives%20the%20reasons%20for%20non-compliant%20state%20which%20helps%20during%20troubleshooting%3C%2FEM%3E%3C%2FLI%3E%0A%3CLI%3EIn%20this%20case%3A%3CUL%20class%3D%22lia-list-style-type-circle%22%3E%0A%3CLI%3ECompliant%3A%201%20%5B%20Compliant%5D%3C%2FLI%3E%0A%3CLI%3EReasonsForNoncompliance%3A%20%7B%7D%20%5B%20it%20will%20display%20codes%20i.e.%20%7B1%2C16%2C3%7D.%20for%20codes%20information%2C%20please%20see%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fconfigmgr%2Fprotect%2Ftech-ref%2Fbitlocker%2Fnon-compliance-codes%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fconfigmgr%2Fprotect%2Ftech-ref%2Fbitlocker%2Fnon-compliance-codes%3C%2FA%3E%20%5D%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%20class%3D%22lia-indent-padding-left-60px%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Naveen_Kanneganti_17-1585926545176.png%22%20style%3D%22width%3A%20633px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181926iD4543DC5D51A0013%2Fimage-dimensions%2F633x552%3Fv%3D1.0%22%20width%3D%22633%22%20height%3D%22552%22%20role%3D%22button%22%20title%3D%22Naveen_Kanneganti_17-1585926545176.png%22%20alt%3D%22Naveen_Kanneganti_17-1585926545176.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EYou%20can%20also%20search%20Deployed%20Bitlocker%20Management%20Control%20Policy%20in%20configuration%20manager%20applet%20located%20at%20%3CSTRONG%3EControl%20Panel%5CSystem%20and%20Security%3C%2FSTRONG%3E%20for%20Compliant%20state%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%20class%3D%22lia-indent-padding-left-60px%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Naveen_Kanneganti_18-1585926545195.png%22%20style%3D%22width%3A%20598px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181925i29EB238E8C7C9A05%2Fimage-dimensions%2F598x729%3Fv%3D1.0%22%20width%3D%22598%22%20height%3D%22729%22%20role%3D%22button%22%20title%3D%22Naveen_Kanneganti_18-1585926545195.png%22%20alt%3D%22Naveen_Kanneganti_18-1585926545195.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3ECheck%20Event%20Viewer%20logs%20in%20Applications%20and%20Services%20Logs%5CMicrosoft%5CWindows%5CMBAM%5C%20for%20events%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%20class%3D%22lia-indent-padding-left-60px%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Naveen_Kanneganti_19-1585926545279.png%22%20style%3D%22width%3A%20609px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181927iEA60D583E3BEADA9%2Fimage-dimensions%2F609x356%3Fv%3D1.0%22%20width%3D%22609%22%20height%3D%22356%22%20role%3D%22button%22%20title%3D%22Naveen_Kanneganti_19-1585926545279.png%22%20alt%3D%22Naveen_Kanneganti_19-1585926545279.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20class%3D%22lia-indent-padding-left-60px%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CH4%20id%3D%22toc-hId--1471237787%22%20id%3D%22toc-hId--1471237813%22%3E%26nbsp%3B%3C%2FH4%3E%0A%3CH4%20id%3D%22toc-hId-1016275046%22%20id%3D%22toc-hId-1016275020%22%3E%3CSTRONG%3EUse%20Case%202%3A%3C%2FSTRONG%3E%3C%2FH4%3E%0A%3CP%3EYou%20may%20have%20configmgr%20managed%20devices%20already%20encrypted%20and%20escrowed%20to%20active%20directory.%20We%20can%20deploy%20configmgr%20policy%20and%20escrow%20keys%20to%20configmgr%20database.%20Here%20is%20some%20guidance%20to%20help%20deploy%20monitor%20and%20troubleshoot%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EComputer%20already%20encrypted%20and%20keys%20are%20backed%20with%20AD%20as%20shown%20below%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%20class%3D%22lia-indent-padding-left-60px%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Naveen_Kanneganti_21-1585926637177.png%22%20style%3D%22width%3A%20616px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181931i0466316CBF862F06%2Fimage-dimensions%2F616x224%3Fv%3D1.0%22%20width%3D%22616%22%20height%3D%22224%22%20role%3D%22button%22%20title%3D%22Naveen_Kanneganti_21-1585926637177.png%22%20alt%3D%22Naveen_Kanneganti_21-1585926637177.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EYou%20can%20check%20if%20recovery%20backup%20to%20active%20directory%20is%20enabled%20from%20registry%20%3CSTRONG%3EHKLM%5CSoftware%5CPolicies%5CMicrosoft%5CFVE%3C%2FSTRONG%3E%20as%20shown%20below%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%20class%3D%22lia-indent-padding-left-60px%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Naveen_Kanneganti_22-1585926637186.png%22%20style%3D%22width%3A%20671px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181930i0A5C3962C6550DD6%2Fimage-dimensions%2F671x394%3Fv%3D1.0%22%20width%3D%22671%22%20height%3D%22394%22%20role%3D%22button%22%20title%3D%22Naveen_Kanneganti_22-1585926637186.png%22%20alt%3D%22Naveen_Kanneganti_22-1585926637186.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EAdd%20computer%20to%20%3CSTRONG%3EBitlocker%20Management%20Policy%20%3C%2FSTRONG%3Edeployed%20collection%3CSTRONG%3E.%20%3C%2FSTRONG%3Erefer%20%3CSTRONG%3Eclient%20%3C%2FSTRONG%3Esection%20to%20monitor%20policy%20deployment.%20You%20can%20monitor%20policy%20escrowed%20to%20configmgr%20on%20client%20from%20%3CSTRONG%3EApplications%20and%20Services%20Logs%5CMicrosoft%5CWindows%5CMBAM%5COperational%3C%2FSTRONG%3E%20in%20event%20Viewer.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%20class%3D%22lia-indent-padding-left-60px%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Naveen_Kanneganti_23-1585926637319.png%22%20style%3D%22width%3A%20673px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181932iCB2786A869C9985E%2Fimage-dimensions%2F673x513%3Fv%3D1.0%22%20width%3D%22673%22%20height%3D%22513%22%20role%3D%22button%22%20title%3D%22Naveen_Kanneganti_23-1585926637319.png%22%20alt%3D%22Naveen_Kanneganti_23-1585926637319.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH2%20id%3D%22toc-hId--1049344855%22%20id%3D%22toc-hId--1049344881%22%3E%3CSTRONG%3EInstall%20and%20configure%20BitLocker%20portals%3C%2FSTRONG%3E%3C%2FH2%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-1567250697%22%20id%3D%22toc-hId-1567250671%22%3E%3CSTRONG%3EPrerequisites%3C%2FSTRONG%3E%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3EIIS%20server%20is%20required%20to%20use%20self-service%20portal%3C%2FLI%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Faspnet%2Fmvc%2Fmvc4%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3EMicrosoft%20ASP.NET%20MVC%204.0%3C%2FA%3E%20is%20required%20to%20install%20on%20same%20IIS%20server%20hosting%20self-service%20portal%3C%2FLI%3E%0A%3CLI%3ESysadmin%20rights%20on%20SQL%20is%20required%20for%20the%20account%20used%20to%20run%20scripts%20to%20install%20self-service%20portal%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%3EFor%20more%20information%2C%20please%20see%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fconfigmgr%2Fprotect%2Fplan-design%2Fbitlocker-management%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fconfigmgr%2Fprotect%2Fplan-design%2Fbitlocker-management%3C%2FA%3E%3C%2FP%3E%0A%3CP%3ENote%3A%20in%20V1910%20install%20Portals%20on%20Primary%20site.%20In%20a%20hierarchy%20having%20CAS%2C%20install%20portals%20on%20Primary%20sites%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId--240203766%22%20id%3D%22toc-hId--240203792%22%3E%3CSTRONG%3EInstall%20Portals%20%3C%2FSTRONG%3E%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3ECopy%20the%20files%20MBAMWebSiteInstaller.ps1%20and%20MBAMWebsite.cab%20from%20%3CSTRONG%3Econfigmgr%20installation%20folder%20%5Ccd.latest%5CSMSSETUP%5CBIN%5CX64%3C%2FSTRONG%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%20class%3D%22lia-indent-padding-left-60px%22%3E%3CEM%3ENote%3A%20in%20V190%20these%20files%20are%20already%20available%20at%20%3CSTRONG%3Econfigmgr%20installation%20folder%20%5Ccd.latest%5CSMSSETUP%5CBIN%5CX64%3C%2FSTRONG%3E%20%3C%2FEM%3E%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3E%26nbsp%3B%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%20class%3D%22lia-indent-padding-left-60px%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Naveen_Kanneganti_25-1585926685966.png%22%20style%3D%22width%3A%20642px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181936i5E5E86199A8EDE09%2Fimage-dimensions%2F642x199%3Fv%3D1.0%22%20width%3D%22642%22%20height%3D%22199%22%20role%3D%22button%22%20title%3D%22Naveen_Kanneganti_25-1585926685966.png%22%20alt%3D%22Naveen_Kanneganti_25-1585926685966.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3ERun%20the%20PowerShell%20command%20from%20the%20folder%20having%20MBAMWebSiteInstaller.ps1%20and%20MBAMWebsite.cab%20files.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%20class%3D%22lia-indent-padding-left-60px%22%3E.%5CMBAMWebSiteInstaller.ps1%20-SqlServerName%20cm01.contoso.com%20-SqlDatabaseName%20CM_PS0%20-ReportWebServiceUrl%20%3CA%20href%3D%22http%3A%2F%2FCM01.contoso.com%2FReportServer%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttp%3A%2F%2FCM01.contoso.com%2FReportServer%3C%2FA%3E%20-HelpdeskUsersGroupName%20%22contoso%5CPS0%20CM%20BitLocker%20helpdesk%20users%22%20-HelpdeskAdminsGroupName%20%22contoso%5CPS0%20CM%20BitLocker%20helpdesk%20admins%22%20-MbamReportUsersGroupName%20%22contoso%5CPS0%20CM%20BitLocker%20report%20users%22%20-SiteInstall%20Both%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%20class%3D%22lia-indent-padding-left-60px%22%3E%5BFor%20more%20information%20on%20script%20usage%2C%20please%20see%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fconfigmgr%2Fprotect%2Fdeploy-use%2Fbitlocker%2Fsetup-websites%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fconfigmgr%2Fprotect%2Fdeploy-use%2Fbitlocker%2Fsetup-websites%3C%2FA%3E%20%5D%3C%2FP%3E%0A%3CP%20class%3D%22lia-indent-padding-left-60px%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Naveen_Kanneganti_26-1585926686000.png%22%20style%3D%22width%3A%20633px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181937iF4CCA253DD98784F%2Fimage-dimensions%2F633x285%3Fv%3D1.0%22%20width%3D%22633%22%20height%3D%22285%22%20role%3D%22button%22%20title%3D%22Naveen_Kanneganti_26-1585926686000.png%22%20alt%3D%22Naveen_Kanneganti_26-1585926686000.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EAccess%20the%20self-service%20portal%20via%20URL%20%3CEM%3Ehttps%3A%2F%2F%20%5Bwebserver%20FQDN%5D%2FSelfService%3C%2FEM%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%20class%3D%22lia-indent-padding-left-60px%22%3EEx%3A%20%3CA%20href%3D%22https%3A%2F%2Fcm01.contoso.com%2Fselfservice%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fcm01.contoso.com%2Fselfservice%2F%3C%2FA%3E%3C%2FP%3E%0A%3CP%20class%3D%22lia-indent-padding-left-60px%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Naveen_Kanneganti_27-1585926686004.png%22%20style%3D%22width%3A%20608px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181935i14C1E7CDD2AD0D88%2Fimage-dimensions%2F608x565%3Fv%3D1.0%22%20width%3D%22608%22%20height%3D%22565%22%20role%3D%22button%22%20title%3D%22Naveen_Kanneganti_27-1585926686004.png%22%20alt%3D%22Naveen_Kanneganti_27-1585926686004.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EAccess%20Administration%20and%20monitoring%20portal%20via%20URL%20%3CEM%3Ehttps%3A%2F%2F%20%5Bwebserver%20FQDN%5D%2Fhelpdesk%3C%2FEM%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%20class%3D%22lia-indent-padding-left-60px%22%3EEx%3A%20%3CA%20href%3D%22https%3A%2F%2Fcm01.contoso.com%2Fhelpdesk%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fcm01.contoso.com%2Fhelpdesk%2F%3C%2FA%3E%3C%2FP%3E%0A%3CP%20class%3D%22lia-indent-padding-left-60px%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Naveen_Kanneganti_28-1585926686016.png%22%20style%3D%22width%3A%20625px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181938i4EA082C6997D55A3%2Fimage-dimensions%2F625x297%3Fv%3D1.0%22%20width%3D%22625%22%20height%3D%22297%22%20role%3D%22button%22%20title%3D%22Naveen_Kanneganti_28-1585926686016.png%22%20alt%3D%22Naveen_Kanneganti_28-1585926686016.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EAfter%20installation%20of%20self-service%20portal%2C%20you%20can%20customize%20portal.%20Go%20to%20%3CSTRONG%3ESites%3C%2FSTRONG%3E%26gt%3B%3CSTRONG%3EDefault%20Web%20Site%3C%2FSTRONG%3E%26gt%3B%3CSTRONG%3ESelfService%3C%2FSTRONG%3E%20node.%20In%20the%20details%20pane%2C%20%3CSTRONG%3EASP.NET%3C%2FSTRONG%3E%20group%2C%20click%20%3CSTRONG%3EApplication%20Settings%3C%2FSTRONG%3E.%3CUL%20class%3D%22lia-list-style-type-circle%22%3E%0A%3CLI%3ECompanyName%20%3D%20The%20organization%20name%20displays%20in%20self-service%20portal%3C%2FLI%3E%0A%3CLI%3EDisplayNotice%20%3D%20notice%20that%20the%20user%20has%20to%20acknowledge%20in%20self-service%20portal%3C%2FLI%3E%0A%3CLI%3EHelpdeskText%20%3D%20helpdesk%20contact%20info%3C%2FLI%3E%0A%3CLI%3EHelpdeskUrl%20%3D%20The%20link%20for%20the%20HelpdeskText%20string.%3C%2FLI%3E%0A%3CLI%3ENoticeTextPath%20%3D%20The%20text%20of%20the%20initial%20notice%20that%20the%20user%20requires%20to%20acknowledge.%20By%20default%2C%20the%20full%20file%20path%20on%20the%20web%20server%20is%20C%3A%5Cinetpub%5CMicrosoft%20BitLocker%20Management%20Solution%5CSelf%20Service%20Website%5CNotice.txt.%20Edit%20and%20save%20the%20file%20in%20a%20plain%20text%20editor.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%20class%3D%22lia-indent-padding-left-60px%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Naveen_Kanneganti_29-1585926686040.png%22%20style%3D%22width%3A%20599px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181939iC6892689158432CC%2Fimage-dimensions%2F599x313%3Fv%3D1.0%22%20width%3D%22599%22%20height%3D%22313%22%20role%3D%22button%22%20title%3D%22Naveen_Kanneganti_29-1585926686040.png%22%20alt%3D%22Naveen_Kanneganti_29-1585926686040.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId--2047658229%22%20id%3D%22toc-hId--2047658255%22%3E%3CSTRONG%3EAdministration%20and%20monitoring%20Portal%3C%2FSTRONG%3E%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3EAt%20Bitlocker%20recovery%20screen%2C%20note%20first%208%20characters%20of%20%3CSTRONG%3Erecovery%20Key%20ID%3C%2FSTRONG%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%20class%3D%22lia-indent-padding-left-60px%22%3EEx%3A%20CB3AB643%3C%2FP%3E%0A%3CP%20class%3D%22lia-indent-padding-left-60px%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Naveen_Kanneganti_30-1585926741503.png%22%20style%3D%22width%3A%20628px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181940i2BD39517CCCE7AD0%2Fimage-dimensions%2F628x476%3Fv%3D1.0%22%20width%3D%22628%22%20height%3D%22476%22%20role%3D%22button%22%20title%3D%22Naveen_Kanneganti_30-1585926741503.png%22%20alt%3D%22Naveen_Kanneganti_30-1585926741503.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%20class%3D%22lia-indent-padding-left-60px%22%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3ELogon%20to%20Administration%20and%20monitoring%20website%20via%20URL%20%3CEM%3Ehttps%3A%2F%2F%20%5Bwebserver%20FQDN%5D%2Fhelpdesk%3C%2FEM%3E.%20Give%20%3CSTRONG%3EUser%20Domain%3C%2FSTRONG%3E%2C%20%3CSTRONG%3EUser%20ID%3C%2FSTRONG%3E%2C%20first%208%20characters%20of%20recovery%3CSTRONG%3E%20Key%20ID%3C%2FSTRONG%3E%20(Ex%3A%20CB3AB643)%20and%20%3CSTRONG%3EReason%20for%20Drive%20Unlock%3C%2FSTRONG%3E.%20click%20%3CSTRONG%3ESubmit%3C%2FSTRONG%3E.%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%20class%3D%22lia-indent-padding-left-60px%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Naveen_Kanneganti_31-1585926741518.png%22%20style%3D%22width%3A%20621px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181941iDF14F906B78EECD2%2Fimage-dimensions%2F621x378%3Fv%3D1.0%22%20width%3D%22621%22%20height%3D%22378%22%20role%3D%22button%22%20title%3D%22Naveen_Kanneganti_31-1585926741518.png%22%20alt%3D%22Naveen_Kanneganti_31-1585926741518.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3ECopy%20the%20Drive%20Recovery%20Key%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%20class%3D%22lia-indent-padding-left-60px%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Naveen_Kanneganti_32-1585926741533.png%22%20style%3D%22width%3A%20580px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181942iB18241BE83C8B2B2%2Fimage-dimensions%2F580x397%3Fv%3D1.0%22%20width%3D%22580%22%20height%3D%22397%22%20role%3D%22button%22%20title%3D%22Naveen_Kanneganti_32-1585926741533.png%22%20alt%3D%22Naveen_Kanneganti_32-1585926741533.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EGive%20the%20recovery%20key%20from%20previous%20step%20then%20press%3CSTRONG%3E%20enter%3C%2FSTRONG%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%20class%3D%22lia-indent-padding-left-60px%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Naveen_Kanneganti_33-1585926741543.png%22%20style%3D%22width%3A%20628px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181944i7255666318C045A9%2Fimage-dimensions%2F628x526%3Fv%3D1.0%22%20width%3D%22628%22%20height%3D%22526%22%20role%3D%22button%22%20title%3D%22Naveen_Kanneganti_33-1585926741543.png%22%20alt%3D%22Naveen_Kanneganti_33-1585926741543.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EContinue%20to%20Windows%20log%20in%20screen%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%20class%3D%22lia-indent-padding-left-60px%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Naveen_Kanneganti_34-1585926741549.jpeg%22%20style%3D%22width%3A%20621px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181943i454F96EB7DD00F7C%2Fimage-dimensions%2F621x348%3Fv%3D1.0%22%20width%3D%22621%22%20height%3D%22348%22%20role%3D%22button%22%20title%3D%22Naveen_Kanneganti_34-1585926741549.jpeg%22%20alt%3D%22Naveen_Kanneganti_34-1585926741549.jpeg%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CH3%20id%3D%22toc-hId-439854604%22%20id%3D%22toc-hId-439854578%22%3E%26nbsp%3B%3C%2FH3%3E%0A%3CH3%20id%3D%22toc-hId--669437918%22%20id%3D%22toc-hId--669437944%22%3E%3CSTRONG%3ESelf-service%20portal%3C%2FSTRONG%3E%3C%2FH3%3E%0A%3CUL%3E%0A%3CLI%3EAt%20Bitlocker%20recovery%20screen%2C%20note%20first%208%20characters%20of%20recovery%20Key%20ID%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%20class%3D%22lia-indent-padding-left-60px%22%3EEx%3A%20A5A530CC%3C%2FP%3E%0A%3CP%20class%3D%22lia-indent-padding-left-60px%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Naveen_Kanneganti_35-1585926741557.png%22%20style%3D%22width%3A%20620px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181945i9CF1CCB9C84386FF%2Fimage-dimensions%2F620x519%3Fv%3D1.0%22%20width%3D%22620%22%20height%3D%22519%22%20role%3D%22button%22%20title%3D%22Naveen_Kanneganti_35-1585926741557.png%22%20alt%3D%22Naveen_Kanneganti_35-1585926741557.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3ELog%20on%20to%20the%20self-service%20portal%20via%20URL%20%3CEM%3Ehttps%3A%2F%2F%5Bwebserver%20FQDN%20%5D%2FSelfService%3C%2FEM%3E%20using%20User%20credentials%20of%20the%20computer%20from%20another%20device.%20Check%20the%20box%20%E2%80%9C%3CSTRONG%3EI%20have%20read%20and%20understand%20the%20above%20notice%E2%80%9D%3C%2FSTRONG%3E%20and%20click%20%3CSTRONG%3Econtinue%3C%2FSTRONG%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%20class%3D%22lia-indent-padding-left-60px%22%3EEx%3A%20%3CA%20href%3D%22https%3A%2F%2Fcm01.contoso.com%2Fselfservice%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fcm01.contoso.com%2Fselfservice%2F%3C%2FA%3E%3C%2FP%3E%0A%3CP%20class%3D%22lia-indent-padding-left-60px%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Naveen_Kanneganti_36-1585926741561.png%22%20style%3D%22width%3A%20601px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181946i47FB0B4B01B053E1%2Fimage-dimensions%2F601x442%3Fv%3D1.0%22%20width%3D%22601%22%20height%3D%22442%22%20role%3D%22button%22%20title%3D%22Naveen_Kanneganti_36-1585926741561.png%22%20alt%3D%22Naveen_Kanneganti_36-1585926741561.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EGive%20the%20%3CSTRONG%3ERecovery%20Key%20ID%3C%2FSTRONG%3E%20(ex%3A%20A5A530CC)%20and%20select%20a%20%3CSTRONG%3EReason%3C%2FSTRONG%3E%20from%20drop%20down%20menu.%20Click%20%3CSTRONG%3EGet%20Key%20%3C%2FSTRONG%3Eand%20then%20Copy%20the%20Bitlocker%20recovery%20key%20generated%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%20class%3D%22lia-indent-padding-left-60px%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Naveen_Kanneganti_37-1585926741574.png%22%20style%3D%22width%3A%20605px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181948i6828713CAB044876%2Fimage-dimensions%2F605x607%3Fv%3D1.0%22%20width%3D%22605%22%20height%3D%22607%22%20role%3D%22button%22%20title%3D%22Naveen_Kanneganti_37-1585926741574.png%22%20alt%3D%22Naveen_Kanneganti_37-1585926741574.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EGive%20the%20recovery%20key%20from%20previous%20step%20then%20press%20%3CSTRONG%3Eenter%3C%2FSTRONG%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%20class%3D%22lia-indent-padding-left-60px%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Naveen_Kanneganti_38-1585926741585.png%22%20style%3D%22width%3A%20617px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181947iBCEDFE4B88D13281%2Fimage-dimensions%2F617x495%3Fv%3D1.0%22%20width%3D%22617%22%20height%3D%22495%22%20role%3D%22button%22%20title%3D%22Naveen_Kanneganti_38-1585926741585.png%22%20alt%3D%22Naveen_Kanneganti_38-1585926741585.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CUL%3E%0A%3CLI%3EContinue%20to%20Windows%20log%20in%20screen%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3CP%20class%3D%22lia-indent-padding-left-60px%22%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Naveen_Kanneganti_39-1585926741591.jpeg%22%20style%3D%22width%3A%20623px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F181949i4F4F08B238CB1A22%2Fimage-dimensions%2F623x352%3Fv%3D1.0%22%20width%3D%22623%22%20height%3D%22352%22%20role%3D%22button%22%20title%3D%22Naveen_Kanneganti_39-1585926741591.jpeg%22%20alt%3D%22Naveen_Kanneganti_39-1585926741591.jpeg%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EHope%20this%20step%20by%20step%20process%20and%20Monitoring%20helps%20in%20deployment%20and%20troubleshooting!%3C%2FP%3E%0A%3CP%3EIf%20you%20are%20looking%20to%20manage%20BitLocker%20from%20Azure%20please%20check%20URL%20%3A%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fcore-infrastructure-and-security%2Fbitlocker-intune-and-raven%2Fba-p%2F1048033%22%20target%3D%22_blank%22%20rel%3D%22noopener%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fcore-infrastructure-and-security%2Fbitlocker-intune-and-raven%2Fba-p%2F1048033%3C%2FA%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EBest%20Regards%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%3CSTRONG%3ENaveen%20Kanneganti%3C%2FSTRONG%3E%3C%2FSPAN%3E%3CSPAN%3E%3CSTRONG%3E%3CBR%20%2F%3EPremier%20Field%20Engineer%3C%2FSTRONG%3E%3C%2FSPAN%3E%26nbsp%3B%3CSPAN%3E%3CSTRONG%3E%26nbsp%3B%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSPAN%3E%3CSTRONG%3EMicrosoft%20Services%3C%2FSTRONG%3E%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3E%26nbsp%3B%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%3CSTRONG%3E%26nbsp%3B%3C%2FSTRONG%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-1279246%22%20slang%3D%22en-US%22%3E%3CP%3EThis%20post%20is%20intended%20to%20give%20you%20guidance%20to%20implement%20Configmgr%20Bitlocker%20management%2C%20monitoring%20and%20troubleshooting.%3C%2FP%3E%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1279246%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ENaveenKanneganti%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E

 

 

Hi Folks! I’m Naveen kanneganti and Welcome to my blogpost.

 

Configmgr has release BitLocker Drive Encryption (BDE) in v1910 for on-premises Windows clients running Windows 10 or Windows 8.1. This feature is optional so, you must enable this feature before using it. Enable co-management and benefit from cloud-based BitLocker management with Microsoft Intune is the best approach. However, there are scenario’s where cloud is not an option and require managing on-premises clients. configmgr gives this capability from V1910 and can replace the use of Microsoft BitLocker Administration and Monitoring (MBAM). This post is intended to give you guidance to implement Configmgr Bitlocker management, monitoring and troubleshooting.

 

Configmgr will provide the following BitLocker management capabilities:

 

Client deployment

  • Bitlocker client deployment with seamless experience in configmgr console to manage devices running Windows 10 or Windows 8.1

Manage encryption policies

  • Bitlocker Drive Encryption - Settings like drive encryption and cipher strength on Operating System Drives, Fixed Data Drives and Removable Data Drives.ConfigMgr 1910 only supports starting encryption on the OS drive. It does not support starting encryption on Fixed or Removable drives but support compliance reporting .ConfigMgr 2002 supports Encryption of Fixed and Removable drives.
  • Client Management - settings like Bitlocker recovery information to be store and client checking status frequency
  • Compliance - Starting with ConfigMgr 2002 you can force users to get compliant with new security policies

  • OS Drive Management - Settings like protector for OS drive, minimum PIN length
  • Auto Unlock - When a user unlocks the OS drive specify whether to unlock only an OS drive or all attached drives.
  • Setting PIN/Password -Customize your organization's security profile on a per device basis.

Compliance reports

Built-in reports, currently available are:

  • Encryption status per volume or per device
  • The primary user of the device
  • Compliance status
  • Reasons for non-compliance

Administration and monitoring website

  • User admins outside of Configmgr console able to help with key recovery including key rotation and other BitLocker-related support

User self-service portal

  • Users able to get single-use key for unlocking a BitLocker encrypted device. Once this key is used, it generates a new key for the device.

 

Deploy and Use Bitlocker

Configmgr 1910 introduce Bitlocker management to manage manage BitLocker Drive Encryption (BDE) for configmgr managed devices.

 

Prerequisites

  • Administrator users require full administrator Role in configmgr to create Bitlocker management policies
  • for configmgr 1910 ,Https-enabled management Point is required to integrate Bitlocker recovery service

Note: if no HTTPS MP found, client will show “unable to find suitable recovery service MP” in bitlockermanagementhandler.log

Naveen_Kanneganti_0-1585926100333.png

 

  • In ConfigMgr 2002 , https Management point is not mandatory to work however, just HTTPS-enable the IIS website on the management point that hosts the recovery service is required
  • Client computers need to join on-premises Active directory
  • Reporting services point is required to use reports
  • IIS server is required to use self-service portal

For more information, please see https://docs.microsoft.com/en-us/configmgr/protect/plan-design/bitlocker-management

 

Following is the step by step procedure to enable Bitlocker on configmgr Managed Devices

 

Bitlocker Management Control Policy

  • Open the SCCM console
  • Go to Assets and Compliance\Overview\Endpoint Protection\BitLocker Management
  • Right-click BitLocker Management and click Create Bitlocker Management Control Policy
  • Give the name
  • Select Client Management and Operating System Drive and then click Next

Naveen_Kanneganti_1-1585926182399.png

 

  • On the Setup page select desired options as shown below
    • Example
      • Choose a drive encryption and cipher strength (windows 10): Enabled
      • Operating System Drives: XTS-AES 256-bit
      • Fixed Data Drives: XTS-AES 256-bit
      • Removable Data Drives: XTS-AES 256-bit

Naveen_Kanneganti_2-1585926182406.png

 

  • On Client Management page, select desired options as shown below and click Next
    • Example:
      • Configure Bitlocker Management Services: Enabled
      • Select bitlocker recovery information: Recovery password and key package
      • Check the box Allow recovery information to be stored in plain text
      • Enter client checking status frequency in (minutes): 90

Naveen_Kanneganti_3-1585926182475.png

 

  • On Operating System Drive page, select desired options as shown below and click Next
    • Example:
      • Operating System Drive Encryption Settings: Enabled
      • Allow Bitlocker without a compatible TPM (requires a password): Allow
      • Select protector for operation system drive: TPM only
      • Configure minimum PIN length for startup: 4

Naveen_Kanneganti_4-1585926182534.png

 

  • On the Summary Page, review your choices and click Next
  • On the Completion Page, close the wizard.

 

Deploy Bitlocker Management Control Policy

  • Right click on created PS0 Bitlocker Management Policy and click Deploy

Naveen_Kanneganti_5-1585926253509.png

 

  • Select desired collection and simple schedule
  • Click ok

Naveen_Kanneganti_6-1585926253533.png

 

 

Monitoring

  • Monitor the progress at <install location>\Logs\mpcontrol.log. When completed you’ll have the following lines in the log

Successfully ran 'C:\Windows\system32\WindowsPowerShell\v1.0\PowerShell.exe -ExecutionPolicy RemoteSigned -File "C:\Program Files\Microsoft Configuration Manager\bin\x64\mbamrecoveryserviceinstaller.ps1"'. Exit code = 0.

 

HandleMPRegistryChanges(): EnableMBAM() succeeded.

Naveen_Kanneganti_7-1585926253618.png

 

  • The following SMS_MP_MBAM service is created in IIS at Sites\Default Web Site\SMS_MP_MBAM

Naveen_Kanneganti_8-1585926253698.png

 

 

Client

  • When the Bitlocker Management Control Policy is deployed successfully, you will see MDOP MABM program installed at Control Panel\Programs\Programs and Features

Naveen_Kanneganti_10-1585926253789.png

 

  • Reg keys are created as shown below at Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement

Naveen_Kanneganti_11-1585926253798.png

 

  • The following 2 log files are created at c:\windows\ccm\logs
  • BitlockerManagement_GroupPolicyHandler.log
  • BitlockerManagementHandler.log

Naveen_Kanneganti_12-1585926253801.png

 

  • Check if the client can find Management from BitlockerManagementHandler.log

Naveen_Kanneganti_13-1585926253806.png

 

 

Bitlocker Encryption on clients

 

Use Case 1:

When a BitLocker Management policy is deployed to configmgr managed device, a wizard will pop on the device prompting the user to start the bitlocker encryption. This is the recommend and primary method to use. you can also enable BitLocker via Task Sequences or “manually” via manage-bde/scripts.

 

On a new computer you may run these commands manually or using task sequence during OSD or other methods to enable Bitlocker drive encryption and escrow keys to configmgr. Here is some guidance to help with commands, monitor and troubleshooting

  • Run Powershell command gwmi -class mbam_volume -Namespace root\microsoft\mbam. search for Compliant and ReasonsForNoncompliance
    • Note: the codes shown at ReasonsForNoncompliance gives the reasons for non-compliant state which helps during troubleshooting

 

  • Run Powershell command Manage-bde -status and check results as shown below
    • In this case:
      • Fully decrypted

Naveen_Kanneganti_14-1585926487480.png

 

  • In this scenario, Run Powershell command Manage-bde -on c: and restart computer to begin encryption of C drive by Bitlocker Drive Encryption (BDE)
  • Note: once the client receives the policy, Microsoft Bitlocker Administration and Monitoring wizard should popup on the clients (MBAM wizard may not appear for RDP/Hyper V). 

    this is the primary or recommended method to start the bitlocker encryption

Naveen_Kanneganti_15-1585926487528.png

 

  • Run Powershell command Manage-bde -status to check the status of bitlocker drive encryption (BDE)

Naveen_Kanneganti_16-1585926487556.png

 

  • Run Powershell command gwmi -class mbam_volume -Namespace root\microsoft\mbam. search for Compliant and ReasonsForNoncompliance

Naveen_Kanneganti_17-1585926545176.png

 

  • You can also search Deployed Bitlocker Management Control Policy in configuration manager applet located at Control Panel\System and Security for Compliant state

Naveen_Kanneganti_18-1585926545195.png

 

  • Check Event Viewer logs in Applications and Services Logs\Microsoft\Windows\MBAM\ for events

Naveen_Kanneganti_19-1585926545279.png

 

 

Use Case 2:

You may have configmgr managed devices already encrypted and escrowed to active directory. We can deploy configmgr policy and escrow keys to configmgr database. Here is some guidance to help deploy monitor and troubleshoot

  • Computer already encrypted and keys are backed with AD as shown below

Naveen_Kanneganti_21-1585926637177.png

 

  • You can check if recovery backup to active directory is enabled from registry HKLM\Software\Policies\Microsoft\FVE as shown below

Naveen_Kanneganti_22-1585926637186.png

 

  • Add computer to Bitlocker Management Policy deployed collection. refer client section to monitor policy deployment. You can monitor policy escrowed to configmgr on client from Applications and Services Logs\Microsoft\Windows\MBAM\Operational in event Viewer.

Naveen_Kanneganti_23-1585926637319.png

 

 

Install and configure BitLocker portals

 

Prerequisites

  • IIS server is required to use self-service portal
  • Microsoft ASP.NET MVC 4.0 is required to install on same IIS server hosting self-service portal
  • Sysadmin rights on SQL is required for the account used to run scripts to install self-service portal

For more information, please see https://docs.microsoft.com/en-us/configmgr/protect/plan-design/bitlocker-management

Note: in V1910 install Portals on Primary site. In a hierarchy having CAS, install portals on Primary sites

 

Install Portals

  • Copy the files MBAMWebSiteInstaller.ps1 and MBAMWebsite.cab from configmgr installation folder \cd.latest\SMSSETUP\BIN\X64

Note: in V190 these files are already available at configmgr installation folder \cd.latest\SMSSETUP\BIN\X64

 

Naveen_Kanneganti_25-1585926685966.png

 

  • Run the PowerShell command from the folder having MBAMWebSiteInstaller.ps1 and MBAMWebsite.cab files.

.\MBAMWebSiteInstaller.ps1 -SqlServerName cm01.contoso.com -SqlDatabaseName CM_PS0 -ReportWebServiceUrl http://CM01.contoso.com/ReportServer -HelpdeskUsersGroupName "contoso\PS0 CM BitLocker helpdesk users" -HelpdeskAdminsGroupName "contoso\PS0 CM BitLocker helpdesk admins" -MbamReportUsersGroupName "contoso\PS0 CM BitLocker report users" -SiteInstall Both

 

[For more information on script usage, please see https://docs.microsoft.com/en-us/configmgr/protect/deploy-use/bitlocker/setup-websites ]

Naveen_Kanneganti_26-1585926686000.png

 

  • Access the self-service portal via URL https:// [webserver FQDN]/SelfService

Ex: https://cm01.contoso.com/selfservice/

Naveen_Kanneganti_27-1585926686004.png

 

 

  • Access Administration and monitoring portal via URL https:// [webserver FQDN]/helpdesk

Ex: https://cm01.contoso.com/helpdesk/

Naveen_Kanneganti_28-1585926686016.png

 

  • After installation of self-service portal, you can customize portal. Go to Sites>Default Web Site>SelfService node. In the details pane, ASP.NET group, click Application Settings.
    • CompanyName = The organization name displays in self-service portal
    • DisplayNotice = notice that the user has to acknowledge in self-service portal
    • HelpdeskText = helpdesk contact info
    • HelpdeskUrl = The link for the HelpdeskText string.
    • NoticeTextPath = The text of the initial notice that the user requires to acknowledge. By default, the full file path on the web server is C:\inetpub\Microsoft BitLocker Management Solution\Self Service Website\Notice.txt. Edit and save the file in a plain text editor.

Naveen_Kanneganti_29-1585926686040.png

 

Administration and monitoring Portal

  • At Bitlocker recovery screen, note first 8 characters of recovery Key ID

Ex: CB3AB643

Naveen_Kanneganti_30-1585926741503.png

 

  • Logon to Administration and monitoring website via URL https:// [webserver FQDN]/helpdesk. Give User Domain, User ID, first 8 characters of recovery Key ID (Ex: CB3AB643) and Reason for Drive Unlock. click Submit.

Naveen_Kanneganti_31-1585926741518.png

 

  • Copy the Drive Recovery Key

Naveen_Kanneganti_32-1585926741533.png

 

  • Give the recovery key from previous step then press enter

Naveen_Kanneganti_33-1585926741543.png

 

  • Continue to Windows log in screen

Naveen_Kanneganti_34-1585926741549.jpeg

 

Self-service portal

  • At Bitlocker recovery screen, note first 8 characters of recovery Key ID

Ex: A5A530CC

Naveen_Kanneganti_35-1585926741557.png

 

  • Log on to the self-service portal via URL https://[webserver FQDN ]/SelfService using User credentials of the computer from another device. Check the box “I have read and understand the above notice” and click continue

Ex: https://cm01.contoso.com/selfservice/

Naveen_Kanneganti_36-1585926741561.png

 

  • Give the Recovery Key ID (ex: A5A530CC) and select a Reason from drop down menu. Click Get Key and then Copy the Bitlocker recovery key generated

Naveen_Kanneganti_37-1585926741574.png

 

  • Give the recovery key from previous step then press enter

Naveen_Kanneganti_38-1585926741585.png

 

  • Continue to Windows log in screen

Naveen_Kanneganti_39-1585926741591.jpeg

 

Hope this step by step process and Monitoring helps in deployment and troubleshooting!

If you are looking to manage BitLocker from Azure please check URL : https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/bitlocker-intune-and-raven/b...

 

Best Regards

Naveen Kanneganti
Premier Field Engineer 
 

Microsoft Services