Note: If MBAM is configured to run with Microsoft Configuration Manager, disable the "MBAM Status reporting service" and leave the "MBAM Status reporting service end point" blank. This information is managed in Microsoft Configuration Manager.
This policy setting allows you to manage the key recovery service backup of BitLocker Drive Encryption recovery information. This provides an administrative method of recovering data encrypted by BitLocker to prevent data loss due to lack of key information.
The URL for MBAM Recovery service endpoint is
http(s)://
The URL for MBAM Status reporting service endpoint is
http(s)://
Replace the server name and port number on above URL based on the installation of the MBAM.
BitLocker recovery information includes the recovery password and some unique identifier data. You can also select to include a package that contains a BitLocker protected drive's encryption key. This key package is secured by one or more recovery passwords and may help perform specialized recovery when the disk is damaged or corrupted.
This policy setting manages how often the client will check the BitLocker protection policies and status on the client machine.
This policy setting allows you to manage the compliance and status information to be saved at report server location. This provides an administrative method of generating a compliance and status report.
This policy setting allows you to manage the frequency of the compliance and status information to be reported to the report service.
The frequency is every 1 minute to 2880 minutes (48 hours). The default for the client to check status is 90 minutes and the default for status reporting is 720 minutes. Frequency values smaller than the defaults will increase network and server utilization and could limit the number of clients MBAM can process.
If you enable this policy setting, key recovery info will be automatically and silently backed up to the configured key recovery server location and status report will be automatically and silently sent to configured report server location.
If you disable or do not configure this policy setting, the key recovery and the status report information will not be saved.
Registry Hive | HKEY_LOCAL_MACHINE |
Registry Path | SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement |
Value Name | UseMBAMServices |
Value Type | REG_DWORD |
Enabled Value | 1 |
Disabled Value | 0 |
Registry Hive | HKEY_LOCAL_MACHINE |
Registry Path | Software\Policies\Microsoft\FVE\MDOPBitLockerManagement |
Value Name | UseKeyRecoveryService |
Value Type | REG_DWORD |
Value | 1 |
Registry Hive | HKEY_LOCAL_MACHINE |
Registry Path | SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement |
Value Name | KeyRecoveryServiceEndPoint |
Value Type | REG_EXPAND_SZ |
Default Value |
Registry Hive | HKEY_LOCAL_MACHINE |
Registry Path | SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement |
Value Name | KeyRecoveryOptions |
Value Type | REG_DWORD |
Value | 0 |
Registry Hive | HKEY_LOCAL_MACHINE |
Registry Path | SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement |
Value Name | KeyRecoveryOptions |
Value Type | REG_DWORD |
Value | 1 |
Registry Hive | HKEY_LOCAL_MACHINE |
Registry Path | SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement |
Value Name | ClientWakeupFrequency |
Value Type | REG_DWORD |
Default Value | 90 |
Min Value | 1 |
Max Value | 2880 |
Registry Hive | HKEY_LOCAL_MACHINE |
Registry Path | SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement |
Value Name | UseStatusReportingService |
Value Type | REG_DWORD |
Value | 0 |
Registry Hive | HKEY_LOCAL_MACHINE |
Registry Path | SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement |
Value Name | UseStatusReportingService |
Value Type | REG_DWORD |
Value | 1 |
Registry Hive | HKEY_LOCAL_MACHINE |
Registry Path | SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement |
Value Name | StatusReportingServiceEndpoint |
Value Type | REG_EXPAND_SZ |
Default Value |
Registry Hive | HKEY_LOCAL_MACHINE |
Registry Path | Software\Policies\Microsoft\FVE\MDOPBitLockerManagement |
Value Name | StatusReportingFrequency |
Value Type | REG_DWORD |
Default Value | 720 |
Min Value | 1 |
Max Value | 2880 |