Hi guys, we have implemented MBAM in our environment. We had different encryption methods on some machines. Some have the cypher strength "128-Bit" and some have "128-Bit" with diffuser" What we see in the console is that machines that have "128-Bit with Diffuser" they are marked as non-compliant How does MBAM determine if a client is "compliant". Is this via group policy settings we have applied? We do have policies set with different cypher strenghts end result is clients have different results when reporting back to the database What we would like to do is say if any machines have either "128-Bit" or "128-Bit with diffuser" then these devices are compliant. How can I do that? Thanks

Thanks for your response. Actually there are two group policy objects which conflict applied to all laptops. 1 enforces 128 Bit the other 128 with diffuser so that is where our issues have originated from. Now we dont know what the impact of changing these is, i.e chaging the "128 Bit with diffuser" policy to "128 Bit". Both of these encryption methods are fine with us so should show as compliant in the compliance reports. By the sounds of it if a group of machines are in an OU where BitLocker policies are applied they can only have 1 type of "compliant" encryption method? Thanks