| title | description | author | ms.assetid | ms.reviewer | manager | ms.author | ms.pagetype | ms.mktglfcycl | ms.sitesec | ms.prod | ms.date |
|---|---|---|---|---|---|---|---|---|---|---|---|
Prerequisites for MBAM 2.5 Clients |
Prerequisites for MBAM 2.5 Clients |
dansimp |
fc230679-9c84-4b99-a77c-bae7e7bf8145 |
dansimp |
dansimp |
mdop, security |
manage |
library |
w10 |
04/23/2017 |
Before you install the MBAM Client software on end users' computers, ensure that your environment and the client computers meet the following prerequisites.
| Prerequisite | Details |
|---|---|
The enterprise domain must contain at least one Windows Server 2008 (or later) domain controller. |
|
The client computer must be logged on to the enterprise intranet. |
|
For Windows 7 client computers only: Each client must have Trusted Platform Module (TPM) capability (TPM 1.2 or later). |
|
For Windows 8.1, Windows 10 RTM or Windows 10 version 1511 client computers only: If you want MBAM to be able to store and manage the TPM recovery keys, TPM auto-provisioning must be turned off, and MBAM must be set as the owner of the TPM before you deploy MBAM. In MBAM 2.5 SP1 only, you no longer need to turn off TPM auto-provisioning, but you must make sure that the TPM Group Policy Objects are set to not escrow TPM OwnerAuth to Active Directory. |
|
For Windows 10, version 1607 or later, only Windows can take ownership of the TPM. In addiiton, Windows will not retain the TPM owner password when provisioning the TPM. In MBAM 2.5 SP1, you must turn on auto-provisioning. |
See TPM owner password for further details. |
The TPM chip must be turned on in the BIOS and be resettable from the operating system. |
See the BIOS documentation for more information. |
The computer’s hard disk must have at least two partitions and must be formatted with the NTFS file system. |
|
The computer’s hard disk must have a BIOS that is compatible with TPM and that supports USB devices during computer startup. |
Note
Ensure that the keyboard, video, or mouse are directly connected and not managed through a keyboard, video, or mouse (KVM) switch. A KVM switch can interfere with the ability of the computer to detect the physical presence of hardware. |
If you use a proxy, it must be visible in the system context. MBAM runs under the system context, not the user context. |
Important
If BitLocker was used without MBAM, MBAM can be installed and utilize the existing TPM information.
MBAM 2.5 Supported Configurations
- Add or vote on suggestions here.
- For MBAM issues, use the MBAM TechNet Forum.