Encryption Policy Enforcement Settings

This setting allows you to configure the number of days that fixed drives can remain noncomplaint until they are forced to comply with MBAM policies. Users will not be able to postpone the required action or to request an exemption from it after the grace period. The grace period starts when the fixed data drive is determined to be noncompliant. However, the fixed data drive policy will not be enforced until the operating system drive is compliant.

If the grace period expires and the fixed drive is still not compliant, users will not be presented with the option to postpone or to request an exemption. If the encryption process requires user input, a dialog box will appear that users cannot close until they provide the required information. Further notifications, such as error messages or encryption status, will not have the same restriction.

Specifying a grace period of 0 will enforce the policy immediately after the operating system drive becomes compliant.

Supported on: At least Windows 7

Registry HiveHKEY_LOCAL_MACHINE
Registry PathSoftware\Policies\Microsoft\FVE\MDOPBitLockerManagement
Value NameUseFddEnforcePolicy
Value TypeREG_DWORD
Enabled Value1
Disabled Value0

Configure the number of noncompliance grace period days for fixed drives. This grace period begins only after the operating system drive compliance is detected:

Registry HiveHKEY_LOCAL_MACHINE
Registry PathSoftware\Policies\Microsoft\FVE\MDOPBitLockerManagement
Value NameFddEnforcePolicyPeriod
Value TypeREG_DWORD
Default Value0
Min Value0
Max Value730

bitlockermanagement.admx

Administrative Templates (Computers)

Administrative Templates (Users)