I have been in the pilot stages of a BitLocker Administration and Monitoring (MBAM) implementation here at the school board. For my pilot, I am using a single-server implementation. Now, in real life, to implement MBAM you should be using a three-server or five-server implementation. I pinged @StephenLRose asking what the difference would be between three and five, and the response was basically around where you would want the roles hosted and not about scalability. Size-wise, 25,000 clients is what each MBAM implementation can handle.
So my pilot was to check out the implementation guide and see how it works for encrypting the drive. The issue I did have so far was clients not checking in with the MBAM server. What I found was a registry hack that needed to be done. The hack is this (from the TechNet forums):
Add a registry key on the MBAM server under HKLM\Software\Microsoft.
Create a new key called MBAM, then create a new DWORD (32-bit) value called DisableMachineVerification and set it to 1.
After you do this, restart the MBAM client service on the client, and this issue should be resolved.
I performed that step and I was off to the races. The computer checked in to MBAM and then prompted me to encrypt the drive. Another next step is to provide some automation for our imaging process.
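The registry steps quoted above, written as a PowerShell script for the MBAM server. This is an added example, not code from the original post or the TechNet thread. The function names are hypothetical, and the client service name `MBAMAgent` in the final comment is an assumption to confirm with `Get-Service` on the client.

```powershell
#Requires -RunAsAdministrator
# Added example: run on the MBAM server in an elevated PowerShell session.
# Key path and value name are the ones given in the post.
$KeyPath   = 'HKLM:\SOFTWARE\Microsoft\MBAM'
$ValueName = 'DisableMachineVerification'

function Get-MbamMachineVerificationOverride {
    # Returns the current DWORD, or $null when the key or value is absent.
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$ValueName
}

function Set-MbamMachineVerificationOverride {
    # Creates the MBAM key if it is missing, then writes the DWORD value 1.
    # Supports -WhatIf so the change can be previewed before it is applied.
    [CmdletBinding(SupportsShouldProcess)]
    param()

    if (-not (Test-Path -Path $KeyPath)) {
        if ($PSCmdlet.ShouldProcess($KeyPath, 'Create registry key')) {
            New-Item -Path $KeyPath -Force | Out-Null
        }
    }
    if ($PSCmdlet.ShouldProcess("$KeyPath\$ValueName", 'Set DWORD to 1')) {
        New-ItemProperty -Path $KeyPath -Name $ValueName `
            -PropertyType DWord -Value 1 -Force | Out-Null
    }
}

# Record the state before and after so the change is visible in the pilot notes.
$before = Get-MbamMachineVerificationOverride
Set-MbamMachineVerificationOverride
$after  = Get-MbamMachineVerificationOverride

[pscustomobject]@{
    Server = $env:COMPUTERNAME
    Before = if ($null -eq $before) { 'not set' } else { $before }
    After  = if ($null -eq $after)  { 'not set' } else { $after }
}

# On each client afterwards (service name is an assumption, see lead-in):
#   Restart-Service -Name 'MBAMAgent'
```

Running `Get-MbamMachineVerificationOverride` on its own reports whether the override is present on a given server without changing anything.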