Microsoft Desktop Optimization Pack (MDOP) is a suite (portfolio) of technologies available to Software Assurance customers through an additional subscription. Microsoft BitLocker Administration and Monitoring (MBAM) is a component of MDOP. It provides an administrator interface for managing BitLocker Drive Encryption, lets you configure the BitLocker encryption policy options that are right for your enterprise, and helps you monitor compliance. Kindly refer to the following similar guides on BitLocker: how to fix the missing BitLocker Recovery tab in Active Directory Users and Computers, and how to enable or disable BitLocker Drive Encryption on Windows 10 and virtual machines. This guide covers UEFI, TPM and BitLocker FAQs, including how to disable Sleep mode.
Users are constantly on the road and carry their organization’s confidential data with them. Wherever confidential data is stored, it MUST be protected against unauthorized access; encryption protects data at rest and guards against attackers who get hold of the device. I have discussed “Reasons why the BitLocker Recovery Mode prompt can be prompted” in a separate guide.
Back to the topic: the table below lists some frequently asked questions relating to MBAM usage and their corresponding answers. I have also compiled a guide on understanding Microsoft BitLocker Administration and Monitoring compliance state and error status.
| Question | Answer |
|---|---|
| How long does it take for a system to show up as compliant in MBAM reports? | Within 24 hours after the system has completed encrypting its hard drives. |
| What do I need to do if my system is already encrypted with BitLocker and I want to install the MBAM client to get its benefits? | |
| Can I run the MBAM client without utilizing domain Group Policies? | No. The MBAM Group Policy settings do not exist in the Local Group Policy settings on client systems. |
| If I apply the MBAM default GPO to my non-TPM Windows workstations, will they encrypt? | Not without manually editing local Group Policy settings on the workstation, which is neither recommended nor supported. |
| Can I run the MBAM client without being joined to a domain? | No. The MBAM client requires domain Group Policies to run. |
| Can I run the MBAM client without a TPM chip version 1.2 or greater? | Yes. To run without a TPM 1.2 or greater you will need to apply the non-TPM MBAM domain Group Policy. You will then have to type in a BitLocker password to boot your computer. |
| Can MBAM protect the OS X partitions on Apple hardware? | No. MBAM can only protect the Windows partitions on Apple hardware. |
| Does the MBAM client support Windows without a TPM using a USB key? | No. The MBAM client does not support encryption with a USB startup key. |
Why does encryption take so long on some disks?
It depends on the amount of data and on the drive type. Solid-state drives (SSD) are very fast, usually under 2 hours; spinning hard drives usually take about 8-10 hours. Choosing “used disk space only” rather than full-disk encryption when enabling BitLocker also shortens the job considerably on a mostly empty drive.
How does UEFI work to ensure device security?
The Unified Extensible Firmware Interface (UEFI) is a programmable boot environment that initializes devices and starts the operating system’s bootloader. The UEFI specification defines a firmware execution authentication process called Secure Boot. Secure Boot refuses to start bootloaders, drivers and option ROMs that are unsigned, signed with a key that is not in the firmware’s trusted signature database (db), or listed in the forbidden database (dbx).
By default, BitLocker ties its TPM protector to the Secure Boot state: on a UEFI system with Secure Boot enabled it binds to the TPM PCR 7 measurement, which records the Secure Boot policy and the certificates used to verify the boot chain. An unauthorized EFI firmware, EFI boot application, or bootloader therefore can’t run and obtain the BitLocker key.
Can I apply the MBAM default GPO to non-TPM Windows workstations?
No. The MBAM Group Policy defines the MBAM compliance definition for the workstations it is applied to. Applying the wrong GPO results in a non-compliant status in MBAM reports, because the system will be missing the TPM protector.
How does Windows protect the system before Windows starts?
Before Windows starts, it has to rely on the security features implemented in the device hardware and firmware, namely the TPM and Secure Boot. Fortunately, most modern computers have both.
Note: Windows is very secure when the right hardware and firmware capabilities are in place (newer hardware). During the boot process it relies on security features implemented in the device hardware and firmware, including the TPM, Secure Boot and Trusted Boot (with appropriate hardening). Newer devices ship with a TPM and Secure Boot to mitigate startup attacks.
Why do I Need a TPM, and how does it work?
A trusted platform module (TPM) is a microchip designed to provide security-related functions, primarily involving cryptographic keys. The chip includes multiple physical security mechanisms to make it tamper-resistant, so that malicious software cannot tamper with the security functions of the TPM. On some platforms the TPM is implemented as part of secure firmware rather than as a discrete chip. BitLocker seals its volume key to the TPM so that it can verify the computer hasn’t been tampered with while the system was offline.
When the device powers on, the firmware and boot loaders measure each boot component into the TPM’s Platform Configuration Registers (PCRs). The TPM only releases (unseals) the BitLocker key if those measurements match the values recorded when the drive was protected; if they do, the drive unlocks and Windows boots as normal. If the measurements differ because something in the boot chain changed, the TPM withholds the key, the computer cannot start normally, and the BitLocker recovery screen is shown.
See the guide “Reasons why the BitLocker Recovery Mode prompt can be prompted” for more information.
Applies to Windows 11: the TPM 2.0 requirement raises the Windows security baseline of the device. It helps protect encryption keys, user credentials and other sensitive data so that malware and attackers can’t access or tamper with them, and makes it considerably harder for attackers to compromise users.
How to clear the TPM correctly
Starting with Windows 10, clearing the TPM resets it to an unowned state, and the operating system then automatically initializes and takes ownership of it at the next boot. Microsoft stopped developing the TPM management console (tpm.msc) beginning with Windows Server 2019 and Windows 10, version 1809, but you can still use it, or the Windows Defender Security Center app, to clear the TPM. You would clear the TPM as a troubleshooting step, or as a final preparation before a clean installation of a new operating system. Preparing for a clean installation ensures the new OS can fully deploy any TPM-based functionality it includes, such as attestation. Even if the TPM isn’t cleared before a new operating system is installed, most TPM functionality will work correctly.
Note: Clearing the TPM via the TPM Management console or the Windows Defender Security Center app does not result in data loss. In the tests I performed, however, clearing it from the BIOS/UEFI setup invalidates the TPM protector and sends the drive straight into BitLocker recovery at the next boot, so you will be locked out if your BitLocker recovery key is not at hand. Whichever method you use, back up the recovery key and suspend BitLocker first.
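The safe sequence for clearing a TPM on a BitLocker-protected machine, as an added PowerShell example (not from the original post): escrow the recovery password, suspend BitLocker for one reboot so the changed TPM state cannot trigger recovery, then clear the TPM. It assumes an elevated session, that the OS volume is C:, and that the machine is domain-joined (the AD DS escrow step is skipped with a warning if it fails, as on a standalone machine).

```powershell
# Added example, not part of the original post. Run as administrator.
# Assumptions: OS volume is C:; Backup-BitLockerKeyProtector escrows to AD DS only when
# the "Store BitLocker recovery information in AD DS" policy applies.
$OsDrive = "C:"
$vol = Get-BitLockerVolume -MountPoint $OsDrive

# 1. Make sure a recovery password protector exists and escrow it before touching the TPM.
$recovery = $vol.KeyProtector | Where-Object KeyProtectorType -eq "RecoveryPassword"
if (-not $recovery) {
    $vol      = Add-BitLockerKeyProtector -MountPoint $OsDrive -RecoveryPasswordProtector
    $recovery = $vol.KeyProtector | Where-Object KeyProtectorType -eq "RecoveryPassword"
}
foreach ($p in $recovery) {
    Write-Host ("Recovery key ID {0}: {1}" -f $p.KeyProtectorId, $p.RecoveryPassword)
    try {
        Backup-BitLockerKeyProtector -MountPoint $OsDrive -KeyProtectorId $p.KeyProtectorId | Out-Null
        Write-Host "Escrowed to AD DS."
    } catch {
        Write-Warning "AD DS escrow failed ($_). Store the password shown above securely before continuing."
    }
}

# 2. Suspend BitLocker for exactly one reboot. The volume key stays accessible across the
#    reboot without a TPM check, and when protection resumes the TPM protector is re-sealed
#    against the freshly initialized TPM.
Suspend-BitLocker -MountPoint $OsDrive -RebootCount 1 | Out-Null

# 3. Clear the TPM. Depending on firmware, Windows asks for a physical-presence confirmation
#    at the next boot; after that the OS re-initializes and takes ownership automatically.
Clear-Tpm
Write-Host "TPM clear requested. Reboot once; BitLocker protection resumes on its own afterwards."
Get-BitLockerVolume -MountPoint $OsDrive | Select-Object MountPoint, ProtectionStatus, VolumeStatus
```

Do not skip step 2: with protection still on, the cleared TPM can no longer unseal the key, and the very next boot lands on the recovery screen.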
What are the advantages of a TPM?
Most operating systems use a shared memory space and rely on the operating system to manage physical memory. A TPM, by contrast, is a hardware component with its own internal firmware and logic circuits for processing instructions, which shields it from vulnerabilities in external software. Attacking the TPM itself generally requires physical access to the computer, and the tools and skills needed to attack hardware are expensive and far less widely available than those used to attack software. Because each TPM holds keys unique to the computer that contains it, attacking many TPM-equipped computers would be difficult and time-consuming.
On devices that have a TPM version 1.2 or higher, BitLocker uses the enhanced security capabilities of the TPM to make data accessible only if the computer’s BIOS/UEFI firmware code and configuration, original boot sequence, boot components, and BCD configuration all appear unaltered and the encrypted disk is located in the original computer.
On systems that bind to TPM PCR 7 (Secure Boot), BCD setting changes deemed safe are permitted to improve usability, while the integrity of the early boot components and the rest of the boot configuration data is still enforced.
How does BitLocker protect against a reset attack?
To defend against malicious reset attacks, BitLocker uses the TCG Reset Attack Mitigation, also known as the MOR bit (Memory Overwrite Request), before extracting keys into memory. This does not protect against physical attacks where an attacker opens the case and attacks the hardware, as described in “BitLocker Back Door – TPM Only: From stolen laptop to inside the company network”. See the section “Why should I use a second factor of authentication (Pre-boot authentication)?” below.
Sleep mode or Hibernate: which power management option should I use?
When BitLocker is enabled on an operating system drive in its basic configuration (TPM only, with no other startup authentication), it provides extra security for HIBERNATE mode, because the memory image is written to hiberfil.sys on the encrypted volume. BitLocker provides greater security still when it is configured to use another startup authentication factor (TPM+PIN, TPM+USB, or TPM+PIN+USB) together with hibernate, because returning from hibernation then requires authentication. In SLEEP mode, by contrast, the computer is vulnerable to direct memory access attacks, since the unencrypted keys and data remain in RAM.
Therefore, for improved security, it is recommended to disable sleep mode and use TPM+PIN as the authentication method.
System sleep states (S1-S3) keep power to the RAM, which may contain secrets such as the BitLocker volume encryption key. An attacker who finds a computer in one of these states can attack its memory directly and recover the secrets through techniques such as RAM remanence (cold boot) and direct memory access (DMA). To establish the recommended configuration via Group Policy, set both of the following settings to Disabled:
- Computer Configuration\Administrative Templates\System\Power Management\Sleep Settings\Allow standby states (S1-S3) when sleeping (on battery)
- Computer Configuration\Administrative Templates\System\Power Management\Sleep Settings\Allow standby states (S1-S3) when sleeping (plugged in)
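The two policy settings above write a power-setting policy key in the registry, so their state can be audited and enforced from PowerShell. The following is an added example (not from the original post) that reports the current state, applies the Disabled value for both plugged-in and on-battery, and then shows which sleep states the firmware still exposes. It assumes an elevated session and that the GUID below is the power-setting GUID the Power Management ADMX uses for “Allow standby states (S1-S3) when sleeping”; confirm it against the ADMX in your central store.

```powershell
# Added example, not part of the original post. Run as administrator.
# Assumption: abfc2519-3608-4c2a-94ea-171b0ed546ab is the "Allow Standby States (S1-S3)"
# power setting GUID used by power.admx; verify against your ADMX before deploying.
$PolicyKey = "HKLM:\SOFTWARE\Policies\Microsoft\Power\PowerSettings\abfc2519-3608-4c2a-94ea-171b0ed546ab"

function Get-StandbyPolicy {
    if (-not (Test-Path $PolicyKey)) {
        return [pscustomobject]@{ PluggedIn = "Not configured (standby allowed)"; OnBattery = "Not configured (standby allowed)" }
    }
    $v = Get-ItemProperty -Path $PolicyKey
    # 0 = Disabled (S1-S3 not allowed), 1 = Enabled. A missing value behaves as Enabled.
    [pscustomobject]@{
        PluggedIn = if ($v.ACSettingIndex -eq 0) { "Disabled" } else { "Enabled" }
        OnBattery = if ($v.DCSettingIndex -eq 0) { "Disabled" } else { "Enabled" }
    }
}

function Set-StandbyDisabled {
    # Same values a domain GPO would deliver; on a standalone machine this is the local equivalent.
    New-Item -Path $PolicyKey -Force | Out-Null
    Set-ItemProperty -Path $PolicyKey -Name ACSettingIndex -Type DWord -Value 0   # plugged in
    Set-ItemProperty -Path $PolicyKey -Name DCSettingIndex -Type DWord -Value 0   # on battery
}

"Before:"; Get-StandbyPolicy | Format-List
Set-StandbyDisabled
"After:";  Get-StandbyPolicy | Format-List

# powercfg /a lists the sleep states this system supports. Once the policy is applied (and
# after a reboot on some hardware) S1-S3 should move to the "not available" section.
powercfg /a
```

Pair this with hibernate (S4) rather than simply removing sleep: with S1-S3 blocked and hibernation enabled, a lid close puts the machine into a state where the key is not in RAM, and resuming goes back through pre-boot authentication.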
What is the best practice for using BitLocker on an operating system drive?
The recommended practice for BitLocker configuration on an operating system drive is to implement BitLocker on a computer with a TPM version 1.2 or higher and a Trusted Computing Group (TCG)-compliant BIOS or UEFI firmware implementation, along with a PIN. By requiring a PIN set by the user in addition to the TPM validation, a malicious user who has physical access to the computer can’t start it, and therefore can’t reach the data, without also knowing the PIN.
Can BitLocker be tricked into releasing its key to a rogue operating system?
An attacker might modify the boot configuration database (BCD), which is stored on a non-encrypted partition, and add an entry pointing to a rogue operating system on a different partition.
During the boot process, BitLocker code makes sure that the operating system that receives the encryption key obtained from the TPM is cryptographically verified to be the intended recipient. Because this strong cryptographic verification already exists, Microsoft does not recommend storing a hash of the disk partition table in Platform Configuration Register (PCR) 5.
An attacker might also replace the entire operating system disk while preserving the platform hardware and firmware, and could then extract a protected BitLocker key blob from the metadata of the victim OS partition. The attacker could then attempt to unseal that BitLocker key blob by calling the TPM API from an operating system under their control. This will not succeed, because when Windows seals the BitLocker key to the TPM it does so with a PCR 11 value of 0, and to successfully unseal the blob PCR 11 in the TPM must still be 0.
However, when the boot manager passes control to any boot loader (legitimate or rogue), it always changes PCR 11 to a value of 1. A PCR can only be extended, never reset, while the system is running, so PCR 11 is guaranteed to differ after the boot manager exits and the attacker can’t unseal the BitLocker key from their own operating system.
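The reason the “unseal it from my own OS” attack fails is a property of how PCRs work, and it can be shown without a TPM. The following is an added PowerShell simulation (not from the original post, and not the real TPM protocol): a PCR register that can only be extended, PCR_new = SHA256(PCR_old || SHA256(event)), and a toy “seal” that wraps a secret under a key derived from the PCR value it is bound to. The secret, the event string and the wrapping scheme are constructed for the example. It shows the unseal succeeding while PCR 11 is still zero and failing once the boot manager has extended it, which is exactly the position an attacker’s OS is in.

```powershell
# Added example, not part of the original post. Toy model of TPM sealing semantics;
# the secret, event string and XOR/HMAC wrapping are constructed for illustration only.
$sha = [System.Security.Cryptography.SHA256]::Create()

function Extend-Pcr([byte[]]$pcr, [string]$measuredEvent) {
    # TPM semantics: a PCR can only be extended, PCR_new = H(PCR_old || H(event)). No "set".
    $digest = $sha.ComputeHash([Text.Encoding]::UTF8.GetBytes($measuredEvent))
    Write-Output -NoEnumerate ($sha.ComputeHash([byte[]]($pcr + $digest)))
}

function Seal-Blob([byte[]]$secret, [byte[]]$pcrPolicy) {
    # Toy stand-in for TPM sealing: wrap the secret under a key derived from the PCR value it is
    # bound to, with a MAC so that a wrong PCR is detected instead of yielding garbage.
    $key = $sha.ComputeHash([byte[]]([Text.Encoding]::ASCII.GetBytes("seal:") + $pcrPolicy))
    $ct  = [byte[]]::new($secret.Length)
    for ($i = 0; $i -lt $secret.Length; $i++) { $ct[$i] = $secret[$i] -bxor $key[$i % 32] }
    $mac = [System.Security.Cryptography.HMACSHA256]::new($key).ComputeHash($secret)
    [pscustomobject]@{ Ciphertext = $ct; Mac = $mac }   # this is what sits in the volume metadata
}

function Unseal-Blob($blob, [byte[]]$currentPcr) {
    # Stand-in for TPM2_Unseal: the wrapping key only reconstructs if the live PCR equals the policy.
    $key = $sha.ComputeHash([byte[]]([Text.Encoding]::ASCII.GetBytes("seal:") + $currentPcr))
    $pt  = [byte[]]::new($blob.Ciphertext.Length)
    for ($i = 0; $i -lt $pt.Length; $i++) { $pt[$i] = $blob.Ciphertext[$i] -bxor $key[$i % 32] }
    $mac = [System.Security.Cryptography.HMACSHA256]::new($key).ComputeHash($pt)
    if ([Convert]::ToBase64String($mac) -ne [Convert]::ToBase64String($blob.Mac)) { return $null }
    Write-Output -NoEnumerate $pt
}

$pcr11 = [byte[]]::new(32)                                        # PCR 11 is all zeros at power-on
$vmk   = [Text.Encoding]::UTF8.GetBytes("toy-volume-master-key")  # constructed sample secret
$blob  = Seal-Blob $vmk $pcr11                                    # Windows seals with PCR 11 == 0

# Legitimate path: the boot manager unseals while PCR 11 is still zero ...
$inBootMgr = Unseal-Blob $blob $pcr11
# ... then extends PCR 11 before handing control to any boot loader, legitimate or rogue.
$pcr11 = Extend-Pcr $pcr11 "BitLocker key released; leaving boot manager"

# Attacker path: their own OS is running, they read the blob from the victim volume's metadata
# and call the TPM. PCR 11 has already been extended, so the policy no longer matches.
$fromRogueOs = Unseal-Blob $blob $pcr11

"Unseal inside boot manager : {0}" -f ($null -ne $inBootMgr)
"Unseal from rogue OS       : {0}" -f ($null -ne $fromRogueOs)
"PCR 11 after extend        : {0}..." -f ([BitConverter]::ToString($pcr11, 0, 8) -replace "-")
```

The only way to get PCR 11 back to zero is a platform reset, and a reset runs the firmware and the boot manager again, which extends it again before any loader the attacker controls gets to execute.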
Why should I use a second factor of authentication (Pre-boot authentication)?
Pre-boot authentication is designed to prevent the encryption keys from being loaded into system memory unless the trusted user supplies another authentication factor, such as a PIN or a startup key. This helps mitigate DMA and memory remanence attacks. Pre-boot authentication with BitLocker is a policy setting that requires user input, such as a PIN, a startup key, or both, before the contents of the system drive are made accessible. The Group Policy setting is “Require additional authentication at startup”, and the corresponding setting in the BitLocker CSP is SystemDrivesRequireStartupAuthentication.
Pre-boot authentication with a PIN can also mitigate DMA port attacks during the window of time between when BitLocker unlocks the drive and Windows boots to the point that Windows can set any port-related policies that have been configured.
BitLocker accesses and stores the encryption keys in memory only after pre-boot authentication is completed. If Windows can’t access the encryption keys, the device can’t read or edit the files on the system drive. The only option for bypassing pre-boot authentication is entering the recovery key.
Unlock options for BitLocker-protected computers
A BitLocker-protected operating system drive can be unlocked in one of these four ways.
- TPM only. TPM-only validation doesn’t require any interaction with the user to unlock the drive. If the TPM validation succeeds, the sign-in experience is the same as a standard sign-in. If the TPM is missing or changed, or if BitLocker detects changes to the BIOS or UEFI code or configuration, critical operating system startup files, or the boot configuration, BitLocker enters recovery mode and the user must enter a recovery password to regain access to the data. This option is the most convenient but less secure than the others, which require an additional authentication factor.
- TPM with PIN. In addition to the protection that the TPM provides, BitLocker requires the user to enter a PIN. Data on the encrypted volume can’t be accessed without the PIN. TPMs also have anti-hammering protection designed to defeat brute-force attempts to guess the PIN.
- TPM with startup key and PIN. In addition to the core component protection that TPM-only provides, part of the encryption key is stored on a USB flash drive, and a PIN is required to authenticate the user to the TPM. This provides multifactor authentication: if the USB key is lost or stolen it can’t be used to access the drive, because the correct PIN is also required.
- TPM with startup key. In addition to the protection that TPM-only provides, part of the encryption key is stored on a USB flash drive, referred to as a startup key. Data on the encrypted volume can’t be accessed without the startup key.
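The four options above map directly onto BitLocker key protector types, so the current mode can be read from Get-BitLockerVolume and a TPM-only volume moved to TPM+PIN. The following is an added example (not from the original post) that classifies each OS volume and, where it is TPM-only, swaps the protector for TPM+PIN without ever leaving the volume without a recovery protector. It assumes an elevated session, that the “Require additional authentication at startup” policy allows a TPM startup PIN (otherwise Add-BitLockerKeyProtector fails and the script puts the TPM-only protector back), and that the PIN is typed interactively rather than stored.

```powershell
# Added example, not part of the original post. Run as administrator.
# Assumption: Group Policy permits a TPM startup PIN; the PIN is prompted for, never stored.
function Get-StartupAuthMode {
    param([Parameter(Mandatory)]$Volume)
    $types = @($Volume.KeyProtector.KeyProtectorType)
    if     ($types -contains "TpmPinStartupKey") { "TPM + PIN + startup key" }
    elseif ($types -contains "TpmPin")           { "TPM + PIN" }
    elseif ($types -contains "TpmStartupKey")    { "TPM + startup key" }
    elseif ($types -contains "Tpm")              { "TPM only" }
    elseif ($types -contains "Password")         { "Password (no TPM)" }
    else                                         { "No startup protector" }
}

function Set-TpmPinUnlock {
    param([Parameter(Mandatory)][string]$MountPoint)
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    # Never leave the volume without a recovery path: ensure a recovery password exists first.
    if (-not ($vol.KeyProtector.KeyProtectorType -contains "RecoveryPassword")) {
        $vol = Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector
    }
    $tpmOnly = $vol.KeyProtector | Where-Object KeyProtectorType -eq "Tpm"
    $pin = Read-Host -AsSecureString "New startup PIN for $MountPoint (length per policy, default minimum 6)"
    try {
        # BitLocker allows a single TPM-based protector per volume, so the TPM-only one goes first.
        if ($tpmOnly) { Remove-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $tpmOnly.KeyProtectorId | Out-Null }
        Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmAndPinProtector -Pin $pin | Out-Null
    } catch {
        Write-Warning "TPM+PIN protector not added ($_). Restoring TPM-only so the next boot does not land in recovery."
        if ($tpmOnly) { Add-BitLockerKeyProtector -MountPoint $MountPoint -TpmProtector | Out-Null }
    }
    Get-StartupAuthMode -Volume (Get-BitLockerVolume -MountPoint $MountPoint)
}

foreach ($v in Get-BitLockerVolume | Where-Object VolumeType -eq "OperatingSystem") {
    $mode = Get-StartupAuthMode -Volume $v
    "{0}  protection={1}  unlock={2}" -f $v.MountPoint, $v.ProtectionStatus, $mode
    if ($mode -eq "TPM only") {
        "{0}  now uses: {1}" -f $v.MountPoint, (Set-TpmPinUnlock -MountPoint $v.MountPoint)
    }
}
```

The recovery-password check at the start is the important safety step: between removing the TPM protector and adding the TPM+PIN one, the recovery password is the only protector on the volume, and a failure in between would otherwise leave the drive unrecoverable.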
Why are organizations not implementing the recommended TPM+PIN, but TPM only?
Pre-boot authentication prompts can be inconvenient to users. In addition, users who forget their PIN or lose their startup key are denied access to their data until they can contact their organization’s support team to obtain a recovery key. Pre-boot authentication can also make it more difficult to update unattended desktops and remotely administered servers, because a PIN needs to be entered whenever a computer reboots or resumes from hibernation. For the latter I recommend BitLocker Network Unlock; see my guides on how to create a certificate template for BitLocker Network Unlock and how to configure Network Unlock in Windows.
Network Unlock allows systems within the physical enterprise security perimeter that meet the hardware requirements and have BitLocker enabled with TPM+PIN to boot into Windows without user intervention. It requires a wired Ethernet connection to a Windows Deployment Services (WDS) server with the BitLocker Network Unlock feature installed, and UEFI firmware with a DHCP driver.
Can a user still query the BitLocker status when the recovery prompt is shown?
No. When the BitLocker recovery screen is displayed, the operating system has not started, so you can no longer query the BitLocker management interface using the “manage-bde -status” command.
What happens when an attacker installs a bootkit or rootkit in the boot chain in order to steal the BitLocker keys?
BitLocker protects against this attack by default. The modified boot component changes the TPM PCR measurements, so the TPM won’t release the BitLocker key and the machine drops into recovery instead.
A BIOS password is recommended for defence in depth, in case the BIOS exposes settings that could weaken the BitLocker security promise. Intel Boot Guard and AMD Hardware Verified Boot support stronger implementations of Secure Boot that provide additional resilience against malware and physical attacks; both are part of the platform boot verification standards for a highly secure Windows device.
Are the paging file, crash dumps and hiberfil.sys protected by BitLocker?
Yes. These files live on the encrypted operating system volume by default when BitLocker is enabled on the OS drive, so their contents (which can include keys and other secrets copied from memory) are protected. BitLocker also blocks automatic or manual attempts to move the paging file to an unencrypted volume.
Can I access my BitLocker-protected drive if I insert the hard disk into a different computer?
Yes, if the drive is a data drive, you can unlock it from the BitLocker Drive Encryption Control Panel item just as you would any other data drive, using a password or smart card. If the data drive was configured for automatic unlock only, you will have to unlock it using the recovery key. If it is an operating system drive, the TPM protector is useless in another computer, and the drive can only be unlocked with the recovery key or by a data recovery agent (if one was configured).
What system changes would cause the integrity check on my operating system drive to fail?
See the guide “Reasons why the BitLocker Recovery Mode prompt can be prompted” for more information. The following types of system changes can cause an integrity check failure and prevent the TPM from releasing the BitLocker key to decrypt the protected operating system drive:
- Moving the BitLocker-protected drive into a new computer.
- Installing a new motherboard with a new TPM.
- Turning off, disabling, or clearing the TPM.
- Changing any boot configuration settings.
- Changing the BIOS, UEFI firmware, master boot record, boot sector, boot manager, option ROM, or other early boot components or boot configuration data.
How do I force a machine using Microsoft BitLocker Administration and Monitoring to prompt users to encrypt immediately?
By design, the Microsoft BitLocker Administration and Monitoring (MBAM) client waits a random period of time between one and 90 minutes when its service starts, before prompting users to encrypt. This is done to avoid any mass hit on the MBAM server infrastructure for new deployments. To force a machine to prompt immediately, you can make a registry change to remove the 90-minute random delay and prompt the user immediately after restarting the MBAM client service:
1. Start the registry editor (regedit.exe)
2. Go to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MBAM
3. Select New - DWORD value
4. Enter a name of NoStartupDelay
5. Double-click the new value and set the data to 1 and click OK
6. Close the registry editor
Restart the MBAM client service for the change to take effect.
What can prevent BitLocker from binding to PCR 7?
BitLocker cannot bind to PCR 7 if a non-Windows OS booted prior to Windows, or if Secure Boot is not available to the device, either because it has been disabled or because the hardware does not support it. In that case BitLocker falls back to the legacy PCR validation profile, and far more BIOS/UEFI and boot configuration changes will trigger recovery.
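Whether a given machine actually ended up bound to PCR 7 can be checked from Windows. The following is an added example (not from the original post) that reads the Secure Boot state and the PCR validation profile BitLocker recorded for the OS volume, and suggests the next step when the binding is not in place. It assumes an elevated session and English-language manage-bde output containing a “PCR Validation Profile:” line, with the text “Uses Secure Boot for integrity validation” appearing when PCR 7 is in use.

```powershell
# Added example, not part of the original post. Run as administrator.
# Assumption: manage-bde output is English and reports "PCR Validation Profile: 7, 11
# (Uses Secure Boot for integrity validation)" when the TPM protector is bound to PCR 7.
function Test-Pcr7Binding {
    param([string]$MountPoint = $env:SystemDrive)

    # Confirm-SecureBootUEFI throws on legacy BIOS systems; treat that as "not available".
    $secureBoot = try { Confirm-SecureBootUEFI } catch { $false }

    $out = manage-bde -protectors -get $MountPoint 2>&1 | Out-String
    $profileLine = (($out -split "`r?`n") | Where-Object { $_ -match "PCR Validation Profile" }) -join "; "
    $usesPcr7 = $profileLine -match "Uses Secure Boot for integrity validation"

    $hint = if ($usesPcr7) { "OK: bound to PCR 7 (Secure Boot)" }
            elseif (-not $secureBoot) { "Secure Boot is off or unsupported. Enable it, then Suspend-BitLocker / Resume-BitLocker to re-seal." }
            else { "Secure Boot is on but the legacy profile is in use; check whether a non-Windows OS booted first, then suspend/resume to re-seal." }

    [pscustomobject]@{
        MountPoint           = $MountPoint
        SecureBootEnabled    = [bool]$secureBoot
        PcrValidationProfile = $profileLine.Trim()
        BoundToPcr7          = [bool]$usesPcr7
        Hint                 = $hint
    }
}

Test-Pcr7Binding | Format-List
```

Re-sealing is needed after fixing the cause: the TPM protector keeps the profile it was created with until BitLocker is suspended and resumed (or the protector is recreated), even if Secure Boot is turned on afterwards.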
Is a PIN more secure than a password?
Windows does not bind a local account password to the TPM, even on modern TPM-equipped devices running Windows 10, whereas a Windows Hello PIN is tied to the specific device and its TPM. That is the reason a PIN is considered more secure than a local password: a PIN is stored on the device and nowhere else, so when servers are breached, attackers will not find your PIN there. As you read on you will see why a PIN is better, and why Microsoft is pushing for a world without passwords; you may want to read the Microsoft guide “Building a world without passwords”.
Passwords are shared secrets; they are entered on a device and transmitted over the network to a server. An intercepted account name and password can be used by anyone, anywhere, and because a representation of the password is stored on the server, a server breach can reveal those credentials.
Windows Hello for Business
A password is a knowledge-based secret used to verify the identity of a user, and one of the oldest security mechanisms on the internet. With Windows Hello for Business, the PIN isn’t a symmetric key, whereas the password is: with passwords, there is a server that holds some representation of the password. With Windows Hello for Business, the PIN is user-provided entropy used to unlock the private key held in the Trusted Platform Module (TPM). The server doesn’t have a copy of the PIN, and for that matter neither does the Windows client. The user must provide the entropy, the TPM-protected key, and the TPM that generated that key in order to use the private key.
Microsoft is committed to its vision of a world without passwords and has acknowledged the convenience that the “convenience PIN” has provided. That said, the convenience PIN is only a wrapper: sign-in with it still uses the account password for authentication behind the scenes. Microsoft recommends that customers using Windows 10 with convenience PINs move to Windows Hello for Business. Microsoft will deprecate convenience PINs in the future and will publish the date early, so that customers have adequate lead time to deploy Windows Hello for Business. You should test the WHfB hybrid cloud Kerberos trust model: it is much easier to deploy than the existing key trust and certificate trust models, because it removes the need to maintain a complicated public key infrastructure (PKI) and the Azure Active Directory (Azure AD) Connect synchronization wait times.
I hope you found this blog post helpful. If you have any questions, please let me know in the comment section.