Windows 10 1607 and the removal of the “TPM backup to Active Directory” feature


To back up TPM owner information from a computer running Windows 10, version 1507, Windows 10, version 1511, Windows 8.1, or Windows 8, you might need to first set up appropriate schema extensions and access control settings on the domain so that the AD DS backup can succeed. … . This functionality is discontinued starting with Windows 10, version 1607.
– Microsoft: TPM Group Policy Settings.

Those Microsoft folk give with one hand and take with the other.  No explanation for the removal.

Microsoft offers an alternative, the Microsoft BitLocker Administration and Monitoring (MBAM) product.  MBAM allows you to centrally manage BitLocker and BitLocker To Go.  That is good, but it comes at a cost.  From what I can see, you need several SQL Servers (Recovery Database, Compliance and Audit Database, Reporting Server, Administration and Monitoring Server).

Ok, so how does the removal of TPM Backup affect workstations which currently store their BitLocker Recovery Key in Active Directory?  It doesn’t, as far as I can see.  My Windows 10 1607 workstation is still happily storing its Recovery Key in AD.
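
If you want to prove that on your own 1607 machines rather than take it on faith, the following PowerShell does the check from both ends: it confirms the BitLocker AD DS backup policy is set, pushes each recovery-password protector to AD DS, and then reads back the msFVE-RecoveryInformation objects under the computer account. This is an added example written for this post, not the script linked below and not Microsoft code; it assumes an elevated session on a domain-joined workstation with the BitLocker module and the RSAT ActiveDirectory module installed. The computer name is taken from the environment; nothing else is hard-coded.

```powershell
# Added example (not the script linked from this post, not Microsoft's code).
# Assumes: elevated PowerShell on a domain-joined Windows 10 machine, the BitLocker
# module (built in) and the ActiveDirectory module (RSAT) available, and the
# "Store BitLocker recovery information in Active Directory Domain Services" policy
# enabled. The recovery-key escrow checked here is the FVE policy, which is separate
# from the discontinued TPM owner-information backup.

Import-Module BitLocker
Import-Module ActiveDirectory

# 1. Policy check. ActiveDirectoryBackup=1 turns on AD DS backup of recovery
#    information; RequireActiveDirectoryBackup=1 stops BitLocker from being turned
#    on until that backup has succeeded.
$fve = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue
if (-not $fve -or $fve.ActiveDirectoryBackup -ne 1) {
    Write-Warning 'AD DS backup of BitLocker recovery information is not enabled by policy.'
}
if ($fve -and $fve.RequireActiveDirectoryBackup -ne 1) {
    Write-Warning 'Backup is not required before encryption; a failed escrow would go unnoticed.'
}

# 2. Push every recovery-password protector on every encrypted volume to AD DS.
#    Backup-BitLockerKeyProtector is the cmdlet form of
#    "manage-bde -protectors -adbackup <drive> -id <protector id>".
$localIds = @()
foreach ($vol in Get-BitLockerVolume | Where-Object { $_.VolumeStatus -ne 'FullyDecrypted' }) {
    foreach ($kp in $vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }) {
        Backup-BitLockerKeyProtector -MountPoint $vol.MountPoint -KeyProtectorId $kp.KeyProtectorId
        $localIds += [guid]$kp.KeyProtectorId
        Write-Output ("Pushed recovery password {0} for {1} to AD DS" -f $kp.KeyProtectorId, $vol.MountPoint)
    }
}

# 3. Verify from the directory side. Recovery passwords live as
#    msFVE-RecoveryInformation child objects of the computer object; the
#    msFVE-RecoveryGuid attribute matches the protector ID seen on the client.
$computer = Get-ADComputer -Identity $env:COMPUTERNAME
$escrowed = Get-ADObject -Filter 'objectClass -eq "msFVE-RecoveryInformation"' `
                         -SearchBase $computer.DistinguishedName `
                         -Properties msFVE-RecoveryGuid, whenCreated

if (-not $escrowed) {
    Write-Warning ("No recovery information found in AD DS for {0}" -f $computer.Name)
} else {
    # msFVE-RecoveryGuid is stored as a byte array; convert it to a GUID to compare.
    $escrowedIds = $escrowed | ForEach-Object { [guid]::new($_.'msFVE-RecoveryGuid') }
    foreach ($id in $localIds) {
        if ($escrowedIds -contains $id) {
            Write-Output ("OK: protector {0} is escrowed in AD DS" -f $id)
        } else {
            Write-Warning ("MISSING: protector {0} is not in AD DS" -f $id)
        }
    }
}
```

The directory-side read in step 3 needs read access to the msFVE-RecoveryInformation objects, which is normally delegated only to BitLocker recovery administrators, so run it with an account that has that right rather than loosening the ACL on the computer objects.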

But knowing Microsoft, eventually the Bitlocker Recovery Key storage feature will break and they won’t fix it.

A script to push the Bitlocker Recovery Key to AD
Microsoft BitLocker Administration and Monitoring 2.5

Saturday Link Roundup–Bitlocker & Display Driver Crashes

Bitlocker Group Policy Settings
How can I prevent users from using USB removable disks (USB flash drives) by using Group Policy (GPO)?

Display driver stopped responding
Limiting Repetitive GPU Hangs and Recoveries
Display Driver Stopped Responding and has Recovered [Solved]
TDR Registry Keys

Microsoft: Understanding Web Proxy Configuration
How a $5 Raspberry Pi Zero can hack your locked laptop
local .pac-file URL format that works with IE and Safari (Windows)?