In part 6 here,we have created MBAM collection ,application for MBAM 2.5 SP1 agent and deployed to our Clients and did the bitlocker drive encryption for windows 8.1 Client.We have also retrieved the bitlocker recovery key using self service portal and reviewed the bitlocker compliance reports.
In this part 7 of MBAM 2.5 SP1 multi series guide,we will do the bitlocker drive encryption for windows 10 ,also see the new features(Configure pre-boot recovery message and URL) included for windows 10. To know more whats new in MBAM 2.5 SP1 ,refer TechNet document here
I have created a windows 10 RTM 10240 virtual machine ,installed SCCM 2012 R2 SP1 client ,waited for few min to let MBAM 2.5 SP1 agent deploy automatically .( The MBAM collection was created to get all workstations ,deployed MBAM agent to this collection,more info ,refer part 6 ).
Login to windows 10 client,verify MBAM agent installed or not either from C:\program files\Microsoft\MDOP MBAM or from software center or from SCCM 2012 monitoring console/Reports.
lets check the GPO if the policies applied or not. For this,Open registry key , HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE.
From below snippet,you can see that ,Configure pre-boot recovery message and URL’s configured via GPO are applied which is new in MBAM 2.5 SP1.
You can either wait for the GPO to start the MBAM agent or manually trigger MBAMclientUI.exe from C:\program files\Microsoft\MDOP MBAM
As I Discussed in my previous post here ,cannot bitlocker the drive using MBAM agent on virtual machines .To check,go to event viewer,Microsoft-Windows-MBAM/Admin ,check the error code.
An error occurred while applying MBAM policies.
Volume ID:\\?\Volume{3968637d-842e-45c4-abb5-5f3a6421ec72}\Error code:
-2144272219Details:
BitLocker Drive Encryption only supports Used Space Only encryption on thin provisioned storage.
But in physical machines,it should work (atleast you will not see this error).So I go and do bitlocker manually .Go to control panel ,open Bitlocker drive encryption ,Turn on bitlocker
PowerShell commands to enable bitlocker https://technet.microsoft.com/en-us/library/jj649837(v=wps.630).aspx
Restart the Computer
Enter the bitlocker password that you have set earlier ,login to the client using your domain password.
After you login,wait for while until the drive encryption is done.
After the completion of encryption , reboot the client .This time ,we don’t enter the password to login instead ,we use recovery key and see the
As you can see from below snippet,pre-boot recovery message and URL which are customized in our group policy ,can help to recover the bitlocker key from another client by entering the first 8-digit number into selfservice portal.
With this,we have completed the bitlocker drive encryption for windows 10 using MBAM 2.5 SP1.
In the next post part 8,we will see the troubleshooting steps ,how and where to start for any bitlocker encryption issues related to MBAM.