Standardize bit-locker encryption method.

Question

Hi Experts ,

We are using classic MBAM and we want to move SCCM based BitLocker solution, but before doing that steps we need to standardize the encryption method in all machine to XTS-AES-256-bit.

Currently in our environment machines are having different different encryption method .

Can anyone guide me for the steps for standardizing the encryption method in all machine to XTS-AES-256-bit on all machines ?

Do we need to stop the encryption on all machines and need to change registry to 7 ? But till the time machines gets new policy we are keeping machines decrypted….

in progress 0
Ketan Kamble 2 months 3 Answers 50 views Beginner 0

Answers ( 3 )

  1. Are you trying to move away from a non Microsoft enchryption product to Microsoft’s product ? Or are you planning to do this within Microsoft products like MBAM itself?

    I don’t know how this is handled in SCCM integrated MBAM … have you tried to deploy the new policy to one of the test devices?

    As per the documentation I read … there is no straight forward way to do this apart from going through

    Decryption
    Encryption method again

    https://www.howtogeek.com/193649/how-to-make-bitlocker-use-256-bit-aes-encryption-instead-of-128-bit-aes/

    If you are looking a scripted method you can try that using https://garytown.com/enable-bitlocker-xts-256-during-osd-w-mbam-2-5-sp1

  2. Yes i reviewed that , with that URL only i created a plan to upgrade MBAM to SCCM client.

    But what’s are the recommended ways to change encryption method is not mentioned or what preventive measure we need to take while changing encryption on existing production measures.

Leave an answer

Sorry, you do not have a permission to answer to this question .