Enabling MBAM on Fixed drives is not working

Dilan Nanayakkara 1,111 Reputation points
2022-04-21T16:24:00.293+00:00

Hi All,

I have configured an MBAM policy in SCCM (CB 2103) for OS and fixed drives, but fixed drive encryption is not working yet. Below are the steps and settings I have followed.

Created an MBAM policy for OS, Fixed and Client management. Below are the settings for the fixed drive:

  • Fixed data drive encryption strength: XTS-AES 128 (default)
  • Fixed data drive encryption: Enabled
  • Configure Auto-unlock for fixed data drive: Require auto-unlock
  • Fixed data drive password policy: disabled
  • Encryption policy enforcement settings – Enabled
  • Noncompliance grace period (days) – 0

Deployed the policy to a test collection.

Once I deployed the policy, it completed the OS drive encryption without an issue, but when I check manage-bde -status in PowerShell, it shows the protection status as off and fully decrypted under the fixed drive (D).

PS: I was wondering whether there are any other steps I am supposed to follow in order to get encryption working on fixed drives.

Appreciate the help.

Thanks in advance
Dilan

Microsoft Configuration Manager

Accepted answer
  1. Amandayou-MSFT 11,046 Reputation points
    2022-04-22T11:04:57.587+00:00

    Hi @Dilan Nanayakkara ,

    We could try enabling "Fixed data drive password policy" to check whether drive (D) encrypts without an issue.

    If not, we could look at the event log for TPM-triggered events, and check BitLockerManagementHandler.log, which records information about BitLocker management policies.

    On my side, I will do more experiments to test this issue. Thanks for your understanding.




1 additional answer

  1. Hunter 0 Reputation points
    2023-07-14T20:27:31.0433333+00:00

    I had to set the policy for not requiring password to unlock fixed data drive to "not configured" while having the policy for auto-unlock set to Forced in order for MBAM to begin encrypting the fixed data drives.

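A client-side check that gathers what this thread looks at in one pass (an added example, not part of any post above): BitLocker state and auto-unlock for each data volume, recent MBAM events, and matching lines from BitLockerManagementHandler.log. The event channel name `Microsoft-Windows-MBAM/Admin`, the log folder `%windir%\CCM\Logs` and the search pattern are assumptions that the thread does not state.

```powershell
# Added example: run in an elevated PowerShell session on the test client.

# 1. The OS volume must be protected before data volumes can auto-unlock.
$volumes    = Get-BitLockerVolume
$osVolume   = $volumes | Where-Object { $_.VolumeType -eq 'OperatingSystem' }
$dataVolume = $volumes | Where-Object { $_.VolumeType -eq 'Data' }

"OS volume {0}: {1}, protection {2}" -f $osVolume.MountPoint,
    $osVolume.VolumeStatus, $osVolume.ProtectionStatus

# 2. State of every data volume, including auto-unlock and key protectors.
$dataVolume |
    Select-Object MountPoint, VolumeStatus, ProtectionStatus, EncryptionMethod,
        EncryptionPercentage, AutoUnlockEnabled,
        @{ Name = 'KeyProtectors'
           Expression = { $_.KeyProtector.KeyProtectorType -join ',' } } |
    Format-Table -AutoSize

# 3. Data volumes the policy has not encrypted and protected yet.
$pending = $dataVolume | Where-Object {
    $_.ProtectionStatus -ne 'On' -or $_.VolumeStatus -ne 'FullyEncrypted'
}
if ($pending) {
    "Not compliant: {0}" -f ($pending.MountPoint -join ', ')
}

# 4. Recent warnings and errors from the MBAM client event channel
#    (channel name is an assumption; the thread only says "event log").
Get-WinEvent -LogName 'Microsoft-Windows-MBAM/Admin' -MaxEvents 50 `
        -ErrorAction SilentlyContinue |
    Where-Object { $_.LevelDisplayName -in 'Error', 'Warning' } |
    Select-Object TimeCreated, Id, LevelDisplayName, Message |
    Format-List

# 5. Policy handler log named in the accepted answer
#    (default client log folder assumed; pattern is constructed for this example).
$log = Join-Path $env:windir 'CCM\Logs\BitLockerManagementHandler.log'
if (Test-Path $log) {
    Select-String -Path $log -Pattern 'fixed|FDV|auto-?unlock|error|fail' |
        Select-Object -Last 40 |
        ForEach-Object { $_.Line }
} else {
    "Log not found at $log"
}
```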