Encryption Policy Enforcement Settings

This setting allows you to configure the number of days that users can delay complying with MBAM policies for their operating system drive. After this grace period expires, users will not be able to postpone the required action or request an exemption from it.

The grace period begins when the operating system is first detected as noncompliant. This grace period is the same for all users of the same computer, regardless of when each user logs on. Specifying a grace period of 0 will force the encryption process to begin immediately on the operating system drive.

If the grace period expires and the operating system drive is still not compliant, users will not be presented with the option to postpone the required action or request an exemption. If the encryption process requires user input, a dialog box will appear that users cannot close until they provide the required information. Further notifications, such as error messages or encryption status, will not have the same restriction.

Specifying a grace period of 0 will enforce the policy immediately on the operating system drive.

Supported on: At least Windows 7
Registry HiveHKEY_LOCAL_MACHINE
Registry PathSoftware\Policies\Microsoft\FVE\MDOPBitLockerManagement
Value NameUseOsEnforcePolicy
Value TypeREG_DWORD
Enabled Value1
Disabled Value0

Configure the number of noncompliance grace period days for operating system drives:

Registry HiveHKEY_LOCAL_MACHINE
Registry PathSoftware\Policies\Microsoft\FVE\MDOPBitLockerManagement
Value NameOsEnforcePolicyPeriod
Value TypeREG_DWORD
Default Value0
Min Value0
Max Value730

bitlockermanagement.admx

Administrative Templates (Computers)

Administrative Templates (Users)