Looking forward to your next videos

And hit it some votes :D configurationmanager.uservoice.com/forums/300492-ideas/suggestions/39327013-mbam-fully-integrated-in-1910-does-not-have-enforc

thanks ! I don't think it's possible as it's native to the MDOP agent itself, the notification is there for a reason as encryption can take time and you don't want it failing because the laptop ran out of power, you could however get creative and create collections that identify which devices are connected to power and which are not and target policy accordingly (and of course, update membership fairly often), you only need to do this during the initial encryption phase, after they are encrypted being on battery is no problem at all.

If somebody will have the same issue, in this article is described why it`s hapenned. social.technet.microsoft.com/Forums/en-US/1bc375aa-5991-4c28-8977-a9e41c894553/configuration-baselines-not-evaluating-as-per-schedule?forum=ConfigMgrCBGeneral

simple, On the BitLocker policy, select the Operating System Drive, scroll down to Encryption Policy Enforcement Settings, set it to Enabled, and set the noncompliance grace period to (days) 0

what version of ConfigMgr are you using ? these registry key hacks were only needed for CM1910

@@ncbrady I'm using the 2103 but still no MBAM ui showing up even if I try to launch it manually, but your method work for enforcing

@@lucasfonquernie3572 the keys are not needed for CM2103, you just need to set the Encryption Policy Enforcement settings to Enabled, and set the non compliance grace period to 0 on the operating system drive tab of your configured policy

@@ncbrady Yep but doing just that doesn't work for me. But when I setup the reg keys like you do with the compliance baseline it does work. That is weird.

hi Matt, are you using 1910 or 2002 ? if 1910 then you'll see the popup, if 2002 then there is no need for this workaround, you can configure the setttings in the policy

@@ncbrady Hey Niall. 1910 here. Is there a step that I missed to initiate the popup? Because the popup isn't appearing. Cheers.

@@mattcarlin2873 the popup won't appear if you've set the delay period to 0 days as per my registry hack (this video). And it should just go ahead and encrypt, it won't encrypt if there's no TPM enabled or in a RDP session. So are either true ?

@@ncbrady Hey Niall, Yeah I found your guide which said that it doesn't work via RDP, so I made sure not to use that when testing. Anyway, it turns out I was getting "VolumeEnactmentFailed" in Event Viewer for my OS drive, and a Redditor who experienced the same issue narrowed his issue down to improper SQL permissions. I'm not sure if my issue is the same, so I ran a query to check for the SQL Server BitLocker certificate and it returned 0, so I figured my policy wasn't working due to the absence of the certificate. I redeployed the BitLocker policy with the plain text option selected for the recovery key, and then it all just worked...encryption started and I'm now compliant. I suppose this is what I get for not checking everything was set up correctly! (Note to self: don't trust colleagues who leave a project unfinished!)

@@mattcarlin2873 ah, well spotted, i'm glad it's working now :)

hi Roman are the two registry settings in place as per my guide ? can you share screenshots of what you see and send me your bitlocker logs to niall@windowsnoob.com

@@ncbrady thank you I sent!

hi Freshner, good question, and no, you do not need to do so it will happen automatically when the client checks for policy as defined in client settings. I did it as I wanted to show the 'change' quickly.

@@ncbrady seems like I did something wrong because it is not evaluating this policy for 18hours now. Thanks for the reply I'll look into it and if I have an answer or maybe you have can we reply it here :)

@@freshnerfresnido9413 verify that its in the collection that you've deployed the policy to

@@ncbrady yeah its the correct collection and I can see it in configuration manager properties its just not evaluated yet

@@freshnerfresnido9413 how are your client settings configured ? by default they should check for (machine) policy every 60 minutes or so, what is yours set to ?

good point, i haven't tested that, have you ?

@@ncbrady I will tomorrow, I'll let you know

@@ncbrady Unfortunately it doesn't work when user has to enter info

@ have you tried setting the graceperiod to 1 or greater, currently it's at 0 so the user will never see anything

@@ncbrady It's working now thank you Niall, I just add the reg value NoStartupDelay