...
Task | Responsible Group |
Schedule a day with the end user to retrieve laptop to perform the encryption | Helpdesk |
Backup user documents to protect data | Helpdesk |
Update BIOS to latest version (varies by manufacturer and model) | Helpdesk |
Enable and Activate TPM chip in BIOS (varies by manufacturer and model). Please note to enable if the option is available for the OS to take ownership of the TPM. | Helpdesk |
Install Microsoft Bitlocker & Administration Monitoring Agent (Performed via SCCM or Manually) · The helpdesk will need Systems group to add the computer to the "MBAM Agent Install" collection · The helpdesk can install the agent manually from the Helpdesk Archives\Client Applications\MBAM 2.5SP1 Agent To Do: The agent should be part of the base image or at least be available to all computers in SCCM | Helpdesk or Systems group |
Verify MBAM MDOP Agent installed successfully (Check Add/Remove programs) | Helpdesk |
Apply Group Policy for Microsoft Bitlocker Administration & Monitoring · Helpdesk will need to provide computer name to systems group | Systems Group |
Start Encryption Process · The encryption process should start within 90 minutes of the group policy being applied · Alternatively, the helpdesk can manually start encrypting the Operating System drive by double clicking on the following file: C:\Program Files\Microsoft\MDOP MBAM\MBAMClientUI.exe | Helpdesk |
Confirm encryption process completes successfully · The process can take from 2 hours to a day to complete depending on the size of the Operating System hard drive. · The end user can't retrieve the laptop until the process is complete. · A notification indicating the encryption process is complete is displayed when | Helpdesk |
...