A: Typically, when the Microsoft BitLocker Administration and Monitoring (MBAM) solution is deployed to clients, it enables a user- or policy-initiated encryption of the local volumes using BitLocker and stores the recovery key in the MBAM SQL Server database for easy lookup by the user or the Help desk.

If a machine is already BitLocker-encrypted before the MBAM client is installed, then when the MBAM client is installed, the recovery key is extracted from the machine’s local store and sent to the MBAM SQL Server database. It’s not possible for MBAM to perform a bulk extraction from AD and populate its SQL Server data store.


To read more FAQs, go to John Savill's Windows IT Pro FAQs page