Exchange Import-LocalizedData to Import-PowerShellDataFile to avoid recurring problems with loading the config file (there is no localized data at the moment, therefore a MUI folder structure like en-US, de-DE is a little bit overkill)

Update the check for BitLocker driver version to newest version number

Check the database connection string for compliance and recovery database to include

• Encrypt=Yes

• TrustServerCertificate=False (if True -> warning)

As describes - for better integration in systems management infrastucture log all entries (Info, Warning, Error) in a custom Eventlog.

For systems management tools like SCOM or other ones this will lead to a better integration in alerting, e.g.

PS C:\WINDOWS\system32> (Get-CimClass -Namespace ROOT/CIMV2/Security/MicrosoftTpm -ClassName Win32_Tpm).CimClassProperti
es | where name -match specversion

Name : SpecVersion
Value :
CimType : String
Flags : Property, NullValue
Qualifiers : {Description, Implemented}
ReferenceClassName :

PS C:\WINDOWS\system32> wmic /namespace:\root\CIMV2\Security\MicrosoftTpm path Win32_Tpm get /value

IsActivated_InitialValue=TRUE
IsEnabled_InitialValue=TRUE
IsOwned_InitialValue=TRUE
ManufacturerId=1229346816
ManufacturerIdTxt=IFX
ManufacturerVersion=5.62
ManufacturerVersionFull20=5.62.12.13826
ManufacturerVersionInfo=534c423936363500000000000000000000
PhysicalPresenceVersionInfo=1.3
SpecVersion=2.0, 0, 1.16

Rework folder TashScheduler and add info to readme file.

Windows feature Web-WMI should not be installed for security reasons.

$obj.Status("TPM not present")

Function gets messed up with hibernation mode.
Seems status report frequency does not get triggered from last system startup. Recheck code.

Adapt code of Get-TpmObject to CIMInstance => isOwned() not working anymore.

Use get-wmiobject win32_bios to get informations about bios

Hi Team,

it looks like Windows 10 fall update 2018 and Windows 10 spring update 2019 are not included in the MBAM-TAP. I get the error: Operating system not in List.

Do further testing -> also test settings labeled as disabled to prove they are really disabled

Change report filename to MBAM_report_"computername"_"data".html

If a system restart is necessary, report shows YES YES YES YES.
Remove redundanten YES.

Bring back the quick server report, but instead of an own script add a parameter quick or short to skip some parts during report creation.

Typo in variable name -> tests fails because value is null

Update BitLocker driver version for windows 1709 / 1803 /1809

Therefor take e.g.

• Web-Service-URLs
• Reporting frequency

Check against locally installed Monitoring agents like SCOM (Microsoft) or Truesight (BMC) and get "high Level" Status of System in Report.

add Error-Action SilentlyContinue to suppress error output if no event log entry is found

Suppress output of Get-MBAMGpoRuleState

Hi Team,

after MBAM-TAP is done, it looks like MBAM-TAP is searching for GPO, which are not set in MBAM included in SCCM. Instead the policies are sent to the SCCM-Agent installed on the Client. As this is one of the future ways to use MBAM, we should have a look on that

The latest Client version for Windows 10 1809 is not supportet.
Latest supportet version is actualy: 10.017763.719
Latest version for Windows 10 1809 should be: 10.017763.1490

In the gpo_template file all policies are marked as disabled. This should raise some error messages in a configured environment where policies are enabled.
Problem:
If the write-logfile function throws an error it will be catch and obj.status and obj.passed will be set to an incorrect value regardless of the result of Get-MBAMGpoRuleState.

 if($policy.PolicyState -eq 'disabled')
            {
                try 
                {
                    Get-MBAMGpoRuleState -PolicyKey $policy.PolicyKey -PolicyValue $policy.PolicyValue -path $policy.PolicyPath -ErrorAction Stop | Out-Null
                    
                    $obj.Status = "Policy falsely enabled"
                    $obj.Passed = 2

                    # log error
                    $mes = "MBAM Policy $($policy.PolicyKey) falsely enabled, please check settings."+[System.Environment]::NewLine
                    $msg += $_.Exception.toString()+[System.Environment]::NewLine
                    $msg += "; " + $_.ScriptStackTrace.toString()
                    write-LogFile -Path $LogPath -name $LogName -message $msg -Level Error

                }
                catch
                {
                    $obj.Status = "Policy disabled as expected"
                    $obj.Passed = 1
                }            
            }

Add GPO template explanation to readme file.

Add a parameter with an exception list for DC who do not reply at a ping (firewall rule, etc...)

Add some javascript in the report to e.g. collapse sections of the report or search for a keyword.
Standard report must be created without javascript.

Javascript code must be implemented in a seperate file which will automatically be included.

Report creation with javascript will be triggered by a switch parameter.

• Implement test case for installed Bitlocker Driver on System
• Display in report

Switch from a one day to a multiple day email dispatch