
Friday, September 15, 2017

BitLocker recovery without MBAM and AD

Some of you may miss BitLocker Active Directory recovery. This feature was dropped in 1607 (!).
Reference: https://docs.microsoft.com/en-us/windows/device-security/tpm/backup-tpm-recovery-information-to-ad-ds

So you need MBAM instead, which is a good idea in general.

But MBAM generally requires MDOP under SA, and there is a scenario where you can't get MBAM the normal way: when buying Windows under CSP.

As always, there is a solution: the recovery key out of the Azure AD box :-)



Pieter Wigleven has documented the full solution here:
https://blogs.technet.microsoft.com/home_is_where_i_lay_my_head/2017/06/07/hardware-independent-automatic-bitlocker-encryption-using-aadmdm/

Have fun!