This setting allows you to configure the number of days that fixed drives can remain noncomplaint until they are forced to comply with MBAM policies. Users will not be able to postpone the required action or to request an exemption from it after the grace period. The grace period starts when the fixed data drive is determined to be noncompliant. However, the fixed data drive policy will not be enforced until the operating system drive is compliant.
If the grace period expires and the fixed drive is still not compliant, users will not be presented with the option to postpone or to request an exemption. If the encryption process requires user input, a dialog box will appear that users cannot close until they provide the required information. Further notifications, such as error messages or encryption status, will not have the same restriction.
Specifying a grace period of 0 will enforce the policy immediately after the operating system drive becomes compliant.
Registry Hive | HKEY_LOCAL_MACHINE |
Registry Path | Software\Policies\Microsoft\FVE\MDOPBitLockerManagement |
Value Name | UseFddEnforcePolicy |
Value Type | REG_DWORD |
Enabled Value | 1 |
Disabled Value | 0 |
Registry Hive | HKEY_LOCAL_MACHINE |
Registry Path | Software\Policies\Microsoft\FVE\MDOPBitLockerManagement |
Value Name | FddEnforcePolicyPeriod |
Value Type | REG_DWORD |
Default Value | 0 |
Min Value | 0 |
Max Value | 730 |