As suspected, a different Microsoft employee confirmed Windows 7 machines without a TPM are not compatible with MBAM, Windows 8 is though.
Nevertheless, we managed to get the Enable BitLocker step to work by creating a step before that imports the required registry keys:-
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE]
"FDVPassphrase"=dword:00000001
"FDVEnforcePassphrase"=dword:00000001
"FDVPassphraseComplexity"=dword:00000002
"FDVPassphraseLength"=dword:00000008
"OSPassphrase"=dword:00000001
"OSPassphraseComplexity"=dword:00000002
"OSPassphraseLength"=dword:00000008
"OSPassphraseASCIIOnly"=dword:00000000
"OSRecovery"=dword:00000001
"OSManageDRA"=dword:00000001
"OSRecoveryPassword"=dword:00000002
"OSRecoveryKey"=dword:00000002
"OSHideRecoveryPage"=dword:00000001
"OSActiveDirectoryBackup"=dword:00000001
"OSActiveDirectoryInfoToStore"=dword:00000001
"OSRequireActiveDirectoryBackup"=dword:00000001
"EnableBDEWithNoTPM"=dword:00000001
"UsePartialEncryptionKey"=dword:00000002
"UsePIN"=dword:00000002
"UseAdvancedStartup"=dword:00000001
"UseTPM"=dword:00000000
"UseTPMKey"=dword:00000000
"UseTPMPIN"=dword:00000002
"UseTPMKeyPIN"=dword:00000002
"UseEnhancedPin"=dword:00000000
"MinimumPIN"=dword:00000006
"EncryptionMethod"=dword:00000002
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement]
"UseMBAMServices"=dword:00000001
"UseKeyRecoveryService"=dword:00000001
"KeyRecoveryServiceEndPoint"=hex(2):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,00,\
62,00,61,00,6d,00,73,00,72,00,76,00,30,00,31,00,2e,00,70,00,69,00,6e,00,73,\
00,65,00,6e,00,74,00,6d,00,61,00,73,00,6f,00,6e,00,73,00,2e,00,6c,00,6f,00,\
63,00,61,00,6c,00,2f,00,4d,00,42,00,41,00,4d,00,52,00,65,00,63,00,6f,00,76,\
00,65,00,72,00,79,00,41,00,6e,00,64,00,48,00,61,00,72,00,64,00,77,00,61,00,\
72,00,65,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,2f,00,43,00,6f,00,72,\
00,65,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,2e,00,73,00,76,00,63,00,\
00,00
"KeyRecoveryOptions"=dword:00000001
"ClientWakeupFrequency"=dword:0000005a
"UseStatusReportingService"=dword:00000001
"StatusReportingServiceEndpoint"=hex(2):68,00,74,00,74,00,70,00,3a,00,2f,00,2f,\
00,62,00,61,00,6d,00,73,00,72,00,76,00,30,00,31,00,2e,00,70,00,69,00,6e,00,\
73,00,65,00,6e,00,74,00,6d,00,61,00,73,00,6f,00,6e,00,73,00,2e,00,6c,00,6f,\
00,63,00,61,00,6c,00,2f,00,4d,00,42,00,41,00,4d,00,43,00,6f,00,6d,00,70,00,\
6c,00,69,00,61,00,6e,00,63,00,65,00,53,00,74,00,61,00,74,00,75,00,73,00,53,\
00,65,00,72,00,76,00,69,00,63,00,65,00,2f,00,53,00,74,00,61,00,74,00,75,00,\
73,00,52,00,65,00,70,00,6f,00,72,00,74,00,69,00,6e,00,67,00,53,00,65,00,72,\
00,76,00,69,00,63,00,65,00,2e,00,73,00,76,00,63,00,00,00
"StatusReportingFrequency"=dword:000002d0
"ShouldEncryptOSDrive"=dword:00000001
"OSDriveProtector"=dword:00000004
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\MDOPBitLockerManagement\Configuration]
"CustomerExperienceImprovementProgram"=dword:00000000
Hope this helps others with a similar problem.
-
Marked as answer by
mr5h
Friday, May 01, 2015 1:40 PM