Microsoft BitLocker Encryption

What Is It?

Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 provides a simplified administrative interface that you can use to manage BitLocker Drive Encryption. You can configure MBAM Group Policy Templates that enable you to set BitLocker Drive Encryption policy options that are appropriate for your unit, and then use them to monitor client compliance with those policies. You can also report on the encryption status of an individual computer and on the unit as a whole. In addition, you can access recovery key information when users forget their PIN or password or when their BIOS or boot record changes.


MBAM 2.5 has the following features:

  • Enables administrators to automate the process of encrypting volumes on client computers across the enterprise
  • Enables security officers to quickly determine the compliance state of individual computers or even of the enterprise itself
  • Reduces the workload on the Help Desk to assist end-users with BitLocker PIN and recovery key requests
  • Enables end-users to recover encrypted devices independently by using the Self-Service Portal
  • Enables security officers to easily audit access to recover key information
  • Empowers Windows Enterprise users to continue working anywhere with the assurance that their corporate data is protected

MBAM enforces the BitLocker encryption policy options that you set for your enterprise, monitors the compliance of client computers with those policies, and reports on the encryption status of the enterprise’s and individual’s computers. In addition, MBAM lets you access the recovery key information when users forget their PIN or password, or when their BIOS or boot records change.


  • Windows 7 Enterprise, Windows 8.1 Pro, Windows 8.1, or Windows 10 (Pro and Enterprise)
  • Two partitions
  • Trusted Platform Module (TPM) – (Not required for Windows 8.1 or 10 provided a PIN is set)

A TPM is a special chip that runs an authentication check on your hardware, software, and firmware. If the TPM detects an unauthorized change your PC will boot in a restricted mode to deter potential attackers.

NOTE: To determine if you have a TPM enabled, check the device manager and look for a Security Devices section. If you don’t see one listed, there might still be one on your system, but it might be disabled and need to be enabled in your computer's BIOS.

NOTE: Please note that TPM 2.0 requires UEFI Secure Boot in order for BitLocker to work properly.

Who Is Eligible To Use It?

  • Staff

Where Can I Get It?

Select the Obtain BitLocker Recovery Key button located on this page.

How Do I Use It?

How to install BitLocker

How Much Does It Cost?

This service is funded by the University; there are no direct costs to clients.

How Can I Get Support?

If you are experiencing a problem with this service, please report it. If you just have a question, feel free to ask us.

Service Levels

Service Request Fulfillment Time 2-4 business days depending on the complexity of the request
Incident Resolution Time 3–5 business days depending on the complexity of the incident
Service Availability 24x7
Maintenance Window(s) Approved Technology Solutions maintenance window(s)
Service Notification Channel(s) Technology Solutions Service Notices, REACH distribution email list
Obtain BitLocker Recovery Key


Service ID: 379
Mon 12/21/20 7:38 PM
Wed 5/5/21 9:07 AM
Service Review Date
Date of the most recent review of this service.