MBAM Policy was detected: Verify the OU used for pre-deployment does not apply MBAM policy

Posted on Christian By Christian No Comments on MBAM Policy was detected: Verify the OU used for pre-deployment does not apply MBAM policy
Resolvederror-MBAM

The Microsoft BitLocker Administration and Monitoring (MBAM) client enables administrators to enforce and monitor BitLocker drive encryption on computers in the enterprise. In this guide, you will learn how to fix the following error “MBAM Policy was detected: Verify the OU used for pre-deployment does not apply MBAM policy”. Please see the effects of renaming an MBAM or BitLocker-protected Computer. Also, see how to deploy Microsoft BitLocker Administration and Monitoring Tool.

The BitLocker client can also be distributed through an electronic software distribution system. Such as Active Directory Domain Services or Microsoft System Center Configuration Manager or as part of the imaging process for a new deployment.

Here are some interesting guides: BitLocker Recovery Mode prompted? Unable to find my BitLocker Recovery Key. Please see how to fix the MBAM Client Deployment is only supported on MBAM 2.5 SP1.

By the way, what is an OU?

Organizational units (OUs) in an Active Directory Domain Services (AD DS) managed domain enables you to logically group objects such as user accounts, service accounts, computer accounts etc. It enables you to apply group policy to enforce targeted configuration settings. Here is a comprehensive guide on how to deploy an MBAM Client as part of a Windows Deployment.

Reason for the error

It is a very straightforward error. As we can see from the deployment summary below. 

An OU linking this device had BitLocker/MBAM policies applied and when the device was joined to the AD and the policies were applied. This policy was detected during the installation of MBAM.
MBAMClientDeploymentError

Resolution to MBAM Policy was detected

To resolve this issue, you will need to move the device out of this OU having BitLocker and MBAM policies linked to it. Move it to an OU that does not have this policy linked.

When this is done, start the deployment process again and it should succeed witouth errors as shown below.

Note: As you can see from the image below, the encryption is in progress wbven when the deployment has completed (succeeded).
desiredbehaviour

As you can see the Computer Compliance Report below shows the encryption status for this device.

compliant

When the encryption is complete, you can now move the device to the right OU. 

Note: I would recommend actually having the automatic MBAM client deployment managed by a software deployment system when the device is connected to the domain.

I hope you found this blog post on “MBAM Policy was detected: Verify the OU used for pre-deployment does not apply MBAM policy” helpful. Please let me know in the comment session if you have any questions.

Rate this post
Windows Server Tags:, , , , , , , , , , ,

Related Posts

More Related Articles

WinRM set up for specific IP Configure WinRM to accept connection from a specific IP Address Windows
windows pe screenshot1 rcm1200x0 Workaround and Permanent fix for this snap-in performed a non-valid operation and has been unloaded: To continue using this snap-in restart MMC or try loading the snap-in again Windows Server
Modernstanby Modern Standby: PC is automatically encrypted Windows
microsoft confirms some pcs freeze after windows 10 2 Information on BOOTP Vendor Extensions and DHCP Options Windows Server
https specials images.forbesimg.com imageserve 4c098735a05b4251a85e8505c91f1837 0x0 Fix insufficient access rights to perform this operation when trying to enable Active Directory Recycle Bin Windows Server
BitLocker BitLocker Drive Encryption architecture and implementation types on Windows Windows Server

Leave a Reply