

Note: What happens if you deploy a BitLocker policy from SCCM with an encryption algorithm of 256 to devices that are already BitLocker-encrypted with a different algorithm using MBAM? If you would like to change the encryption algorithm, such as from 128 (MBAM) to 256 (SCCM), you need to decrypt the disk first before you encrypt using 256. If there is any difference in the BitLocker policy settings (algorithm 128 to 256) from MBAM to SCCM, there will be conflicts when you deploy this to the collection and you may see unexpected results. Once you have got the information, go to the SCCM server, Endpoint Protection, and create a new BitLocker policy with settings similar to the GPO. This is one of the important settings we will need for SCCM. Go to your GPO and identify the policy that has the BitLocker settings configured, such as the BitLocker cipher strength (AES 128, AES 256, etc.). Once you have enabled the BitLocker feature in SCCM and it is in working condition (verify whether the IIS web portals are working), we will need to collect the settings from the existing MBAM setup, such as encryption method, cipher strength, etc., that you configured in the GPO. You can simply install/enable BitLocker in SCCM, but don't create or deploy any BitLocker policies to your clients (collection).
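A read-only check for the algorithm mismatch described above, as an added example that is not from the original post: it compares the OS drive's current BitLocker cipher with the value delivered by Group Policy and with the cipher planned for the SCCM policy. `$TargetMethod` is an assumed parameter, and the script assumes the standard BitLocker Group Policy registry values under `HKLM\SOFTWARE\Policies\Microsoft\FVE`; run it elevated on a client.

```powershell
# Added example: report whether this device's current cipher matches the
# cipher planned for the SCCM BitLocker policy. Makes no changes.
# Assumption: $TargetMethod is the value you intend to set in the SCCM policy.
param(
    [ValidateSet('Aes128', 'Aes256', 'XtsAes128', 'XtsAes256')]
    [string]$TargetMethod = 'XtsAes256'
)

# Numeric values Group Policy writes for the drive encryption method
$gpoMethodMap = @{ 3 = 'Aes128'; 4 = 'Aes256'; 6 = 'XtsAes128'; 7 = 'XtsAes256' }

# BitLocker Group Policy settings land under this key on the client
$fve = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\FVE' -ErrorAction SilentlyContinue

# Prefer the OS-drive value (Windows 10 1511 and later), then the legacy value
$gpoRaw = $null
if ($fve) {
    $gpoRaw = $fve.EncryptionMethodWithXtsOs
    if ($null -eq $gpoRaw) { $gpoRaw = $fve.EncryptionMethod }
}

$gpoMethod = 'NotConfigured'
if ($null -ne $gpoRaw) {
    $key = [int]$gpoRaw
    $gpoMethod = if ($gpoMethodMap.ContainsKey($key)) { $gpoMethodMap[$key] } else { "Other($key)" }
}

# What the OS volume is actually encrypted with right now (requires elevation)
$os     = Get-BitLockerVolume -MountPoint $env:SystemDrive
$actual = [string]$os.EncryptionMethod      # 'None' when the volume is decrypted
$status = [string]$os.VolumeStatus

[pscustomobject]@{
    ComputerName      = $env:COMPUTERNAME
    VolumeStatus      = $status
    GpoMethod         = $gpoMethod
    ActualMethod      = $actual
    TargetMethod      = $TargetMethod
    GpoMatchesTarget  = ($gpoMethod -eq $TargetMethod)
    # An encrypted volume keeps its cipher until it is decrypted and re-encrypted
    NeedsDecryptFirst = ($status -ne 'FullyDecrypted' -and $actual -ne $TargetMethod)
}
```

Devices that report `NeedsDecryptFirst = True` are the ones where the SCCM policy would conflict with the existing MBAM encryption unless the disk is decrypted first or the SCCM policy is set to match the current algorithm.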

Follow the Microsoft article on how to enable the BitLocker feature. Enabling the BitLocker feature in SCCM is independent of your current MBAM setup.

You want to migrate the clients from MBAM and continue with SCCM for the BitLocker feature. Before we start the migration process, make sure your current SCCM infra has the BitLocker feature enabled and configured. These migration steps assume that you are using an MBAM server with a GPO configuration policy (BitLocker settings). In this blog post, I would like to provide the steps that I have used to migrate the standalone MBAM to SCCM for my customers. Read the considerations from MBAM to SCCM. To know about the migration of the MBAM server to Microsoft Endpoint Manager (Intune), please read the article. We can also use Microsoft Intune as an alternative approach, and it is the future. Microsoft has incorporated the MBAM features into Configuration Manager (SCCM) starting in version 1910, and since then it has improved a lot with new features and improvements. Considering the support for MBAM, what other alternative tools/products do we have to manage the BitLocker feature? To know more about mainstream support and extended support, please read the article. MBAM mainstream support ended in July 2019 and it is currently in extended support until April 2026. We all know that Microsoft BitLocker Administration and Monitoring (MBAM) is an administrative tool for managing BitLocker Drive Encryption for Windows devices that are on-prem domain joined.
