Determining why a Device Receives a Noncompliance Message

  • Article

The following noncompliance codes are provided by WMI and describe the reasons why a particular device is reported by MBAM as noncompliant.

You can use your preferred method to view WMI. If you use PowerShell, run gwmi -class mbam_volume -Namespace root\microsoft\mbam from a PowerShell prompt and search for ReasonsForNoncompliance.

Non-Compliance Code Reason for Non-Compliance

0

Cipher strength not AES 256.

1

MBAM Policy requires this volume to be encrypted but it is not.

2

MBAM Policy requires this volume to NOT be encrypted, but it is.

3

MBAM Policy requires this volume use a TPM protector, but it does not.

4

MBAM Policy requires this volume use a TPM+PIN protector, but it does not.

5

MBAM Policy does not allow non TPM machines to report as compliant.

6

Volume has a TPM protector but the TPM is not visible (booted with recover key after disabling TPM in BIOS?).

7

MBAM Policy requires this volume use a password protector, but it does not have one.

8

MBAM Policy requires this volume NOT use a password protector, but it has one.

9

MBAM Policy requires this volume use an auto-unlock protector, but it does not have one.

10

MBAM Policy requires this volume NOT use an auto-unlock protector, but it has one.

11

Policy conflict detected preventing MBAM from reporting this volume as compliant.

12

A system volume is needed to encrypt the OS volume but it is not present.

13

Protection is suspended for the volume.

14

AutoUnlock unsafe unless the OS volume is encrypted.

15

Policy requires minimum cypher strength is XTS-AES-128 bit, actual cypher strength is weaker than that.

16

Policy requires minimum cypher strength is XTS-AES-256 bit, actual cypher strength is weaker than that.

 

Technical Reference for MBAM 2.5

Configuring MBAM 2.5 Server Features by Using Windows PowerShell

 

Got a suggestion for MBAM?

For MBAM issues, use the MBAM TechNet Forum.