First and foremost, if you have not had a chance to read the latest TechNet article on how to enable BitLocker by using MBAM, please do so here!

It is an excellent guide that explains how to configure MBAM and BitLocker inside MDT. Unfortunately, the guide does not explain how to enable used space encryption when you are not pre-provisioning your drive. It’s actually pretty simple and can be done by just modifying the registry.

Now, I’m assuming that you have Invoke-MbamClientDeployment.ps1 in your task sequence. If you have not set everything up yet, please read the TechNet article that I referenced earlier.

In your task sequence, navigate to the step that calls Invoke-MbamClientDeployment.ps1. If you followed the TechNet guide, the task name should be “Configure BitLocker for MBAM”. Add a Run Command Line step before the “Configure BitLocker for MBAM” step, and name it “Enable Used Space Encryption”.

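In the command line field, enter the following command. It sets the BitLocker policy value OSEncryptionType to 2, which enforces used space only encryption on the operating system drive: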

reg.exe add HKLM\SOFTWARE\Policies\Microsoft\FVE /v OSEncryptionType /t REG_DWORD /d 2 /f

And... that’s it!
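
To confirm the setting took effect, a check like the following can run as a further step; it is an added example, not part of the original post or the TechNet guide. The `-CheckVolume` switch and the exit codes are this example's own conventions, and the volume check assumes English-language `manage-bde` output.

```powershell
# Added example (not from the original post). The -CheckVolume switch and the
# exit codes (0 = OK, 1 = policy wrong, 2 = unexpected volume state) are
# conventions of this example only.
param(
    [string]$MountPoint = $env:SystemDrive,
    [switch]$CheckVolume   # pass once MBAM has started encryption
)

$fveKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$meaning = @{ 0 = 'allow user to choose'; 1 = 'full encryption'; 2 = 'used space only encryption' }

# 1. Policy check: the value written by the reg.exe step must exist and equal 2.
$prop = Get-ItemProperty -Path $fveKey -Name OSEncryptionType -ErrorAction SilentlyContinue
if ($null -eq $prop) {
    Write-Warning "OSEncryptionType is not set under $fveKey"
    exit 1
}
$value = [int]$prop.OSEncryptionType
$label = if ($meaning.ContainsKey($value)) { $meaning[$value] } else { 'unknown value' }
Write-Output "OSEncryptionType = $value ($label)"
if ($value -ne 2) { exit 1 }

# 2. Volume check (optional): confirm what BitLocker actually did on the drive.
if ($CheckVolume) {
    # Assumption: English-language manage-bde output; the label text is localized.
    $line = & manage-bde.exe -status $MountPoint |
        Where-Object { $_ -match 'Conversion Status' } |
        Select-Object -First 1
    if (-not $line) {
        Write-Warning "No 'Conversion Status' line in manage-bde output for $MountPoint"
        exit 2
    }
    $state = ($line -split ':', 2)[1].Trim()
    Write-Output "Conversion status on ${MountPoint}: $state"
    # 'Encryption in Progress' is acceptable while the drive is still converting.
    if ($state -notmatch 'Used Space Only|Encryption in Progress') { exit 2 }
}
exit 0
```

A non-zero exit code makes the task sequence step fail, so a machine that ended up with full encryption or no policy value is caught during deployment rather than afterwards.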