Enabling MBAM on Fixed drives is not working

Dilan Nanayakkara 1,096 Reputation points

Hi All,

I have configured an MBAM policy in SCCM (CB 2103) for OS and Fixed drives, but fixed drive encryption is not working yet. Below are the steps and settings I have followed.

Created an MBAM policy for OS, Fixed and Client management. Below are the settings for the fixed drive:

  • Fixed data drive encryption strength: XTS-AES 128 (default)
  • Fixed data drive encryption: Enabled
  • Configure Auto-unlock for fixed data drive: Require auto-unlock
  • Fixed data drive password policy: disabled
  • Encryption policy enforcement settings – Enabled
  • Noncompliance grace period (days) – 0

Deployed the policy to a test collection.

Once I deployed the policy, it completed the OS drive encryption without an issue, but when I check manage-bde -status in PowerShell, it shows the protection status as off and fully decrypted for the fixed drive (D).

PS: I was wondering whether there are any other steps I am supposed to follow in order to get encryption working on fixed drives.

I appreciate the help.

Thanks in advance

Microsoft Configuration Manager

Accepted answer
  1. Amandayou-MSFT 10,956 Reputation points

    Hi @Dilan Nanayakkara ,

    We could try to enable "Fixed data drive password policy" to check whether drive (D) is encrypted without an issue.

    If not, we could look at the event log for events triggered by the TPM, and check BitLockerManagementHandler.log, which records information about BitLocker management policies.

    On my side, I will do more experiments to test this issue. Thanks for your understanding.

    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
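
A read-only diagnostic pass for the checks suggested in the answer above, as an added example that is not part of the original thread: it reports BitLocker state per volume, flags data volumes that are still unprotected, and collects recent MBAM warnings/errors plus matching lines from BitLockerManagementHandler.log. The function name, the `Microsoft-Windows-MBAM/Admin` channel, the log folder under `%windir%\CCM\Logs` and the keyword filter are assumptions based on usual client defaults, not values given in the thread.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread). Read-only: changes no BitLocker settings.
# Assumed defaults: ConfigMgr client log folder and the MBAM Admin event channel.
function Get-FixedDriveBitLockerReport {
    param(
        [string]$LogPath      = "$env:windir\CCM\Logs\BitLockerManagementHandler.log",
        [string]$EventChannel = 'Microsoft-Windows-MBAM/Admin',
        [int]$MaxEvents       = 20
    )

    # 1. Per-volume state. VolumeType 'Data' covers fixed (and removable) data drives such as D:.
    $volumes = Get-BitLockerVolume | ForEach-Object {
        [pscustomobject]@{
            MountPoint       = $_.MountPoint
            VolumeType       = $_.VolumeType
            VolumeStatus     = $_.VolumeStatus
            ProtectionStatus = $_.ProtectionStatus
            EncryptionMethod = $_.EncryptionMethod
            AutoUnlock       = $_.AutoUnlockEnabled
            Protectors       = ($_.KeyProtector.KeyProtectorType -join ', ')
        }
    }

    # 2. Recent MBAM agent errors (level 2) and warnings (level 3), if the channel exists.
    $events = Get-WinEvent -FilterHashtable @{ LogName = $EventChannel; Level = 2, 3 } `
                  -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
              Select-Object TimeCreated, Id, LevelDisplayName, Message

    # 3. Last matching lines from the policy handler log (illustrative keyword filter).
    $logLines = if (Test-Path -LiteralPath $LogPath) {
        Select-String -LiteralPath $LogPath -Pattern 'fail|error|0x8' |
            Select-Object -Last 30 | ForEach-Object { $_.Line }
    } else {
        "Log not found: $LogPath"
    }

    [pscustomobject]@{
        Volumes         = $volumes
        UnprotectedData = $volumes | Where-Object { $_.VolumeType -eq 'Data' -and $_.ProtectionStatus -ne 'On' }
        Events          = $events
        LogLines        = $logLines
    }
}

$report = Get-FixedDriveBitLockerReport
$report.Volumes         | Format-Table -AutoSize
$report.UnprotectedData | Format-Table MountPoint, VolumeStatus, AutoUnlock, Protectors
$report.Events          | Format-List
$report.LogLines
```

An empty `Protectors` column on a data volume means no key protector has been added to it yet, which narrows the search to policy evaluation rather than the encryption step itself.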
