Microsoft BitLocker Encryption


What Is It?

Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 provides a simplified administrative interface that you can use to manage BitLocker Drive Encryption. You can configure MBAM Group Policy Templates that enable you to set BitLocker Drive Encryption policy options that are appropriate for your unit, and then use them to monitor client compliance with those policies. You can also report on the encryption status of an individual computer and on the unit as a whole. In addition, you can access recovery key information when users forget their PIN or password or when their BIOS or boot record changes.

Other Service Names



MBAM 2.5 has the following features:

  • Enables administrators to automate the process of encrypting volumes on client computers across the enterprise
  • Enables security officers to quickly determine the compliance state of individual computers or even of the enterprise itself
  • Reduces the workload on the Help Desk to assist end-users with BitLocker PIN and recovery key requests
  • Enables end-users to recover encrypted devices independently by using the Self-Service Portal
  • Enables security officers to easily audit access to recover key information
  • Empowers Windows Enterprise users to continue working anywhere with the assurance that their corporate data is protected

MBAM enforces the BitLocker encryption policy options that you set for your enterprise, monitors the compliance of client computers with those policies, and reports on the encryption status of the enterprise’s and individual’s computers. In addition, MBAM lets you access the recovery key information when users forget their PIN or password, or when their BIOS or boot records change.


  • Windows 7 Enterprise, Windows 8.1 Pro, Windows 8.1, or Windows 10 (Pro and Enterprise)
  • Two partitions
  • Trusted Platform Module (TPM) – (Not required for Windows 8.1 or 10 provided a PIN is set)

A TPM is a special chip that runs an authentication check on your hardware, software, and firmware. If the TPM detects an unauthorized change your PC will boot in a restricted mode to deter potential attackers.

NOTE: To determine if you have a TPM enabled, check the device manager and look for a Security Devices section. If you don’t see one listed, there might still be one on your system, but it might be disabled and need to be enabled in your computer's BIOS.

NOTE: Please note that TPM 2.0 requires UEFI Secure Boot in order for BitLocker to work properly.

Who Is Eligible To Use It?

  • IT Pros

Where Can I Get It?

MBAM is available to be applied through MECM or Intune endpoint management solutions. If you are an individual client and have forgotten your Bitlocker recovery key, select the Obtain BitLocker Recovery Key button located on this page.

How Do I Use It?

Revierw how to install BitLocker.

How Much Does It Cost?

This service is funded by the University; there are no direct costs to clients.

How Can I Get Support?

If you are experiencing a problem with this service, please report it. If you just have a question, feel free to ask us.

Service Levels

Service Request Fulfillment Time 2-4 business days depending on the complexity of the request
Incident Resolution Time 3–5 business days depending on the complexity of the incident
Service Availability 24x7
Maintenance Window(s) Approved Technology Solutions maintenance window(s)
Service Notification Channel(s) IT Service Notices
Recover BitLocker Encryption Key


Service Offering Id: 126
Sat 6/25/22 7:02 PM
Sat 6/25/22 7:02 PM
Select all audiences that apply
IT Pro