Tip of the Day: MBAM 2.0 - Protectors Flexible Policy

Today’s Tip…

In the recently released MBAM 2.0, computers that are already encrypted with a protector (example: TPM + PIN or Auto-Unlock and password) and that receive an MBAM policy that requires a subset of that encryption (example: TPM or Auto-Unlock) will be considered compliant. In the example above, PIN and Password would not be removed automatically unless the IT administrator specifically defines these features as no longer allowed.

Computers that are not encrypted and that receive an MBAM policy (example: TPM or Auto-Unlock) are encrypted accordingly. Later on, local administrator users are allowed to use the BitLocker tools (control panel applet or manage-bde) to add or modify the existing protectors (example: TPM + PIN or Auto-Unlock and Password) and these will remain compliant unless they are specifically defined by MBAM policies.