Aug 02 2022 02:53 AM
Hello,
For the moment, we use MBAM to manage BitLocker encryption keys.
We would like to use MEM compliance policy to audit encryption of our Windows devices (audit only - no remediation).
I would like to know if configuring "Require encryption of data storage on device." or "Require BitLocker" will try to remediate a non-compliant device. I want to avoid a situation where a device is encrypted after remediation and the keys are not stored in the MBAM database.
Aug 02 2022 03:53 AM
Hi @Le_Michel, both of these are included in the compliance policy, which means that the device will be evaluated on these policies, and based on the conditions configured, actions will be taken.
As you mentioned, you already have encryption forced through MBAM, so if co-management is enabled, you can use these in-compliance policies to evaluate your compliance. But if you have conditional access, you must proceed with caution.