Microsoft introduced on-premises BitLocker management using System Center Configuration Manager in SCCM Technical Preview version 1905. When enabling these MBAM capabilities in SCCM, you may notice the following error in the BitlockerManagement_GroupPolicyHandler.log.
Unable to find suitable Recovery Service MP. Marking policy non-compliant
The fix?
Convert your Management Point server and client to use HTTPS communication (PKI). You can achieve that with the following guides.
- Set up a 2-tier PKI infrastructure by following this set of blog posts.
- Convert SCCM from HTTP to HTTPS by doing this.
Once done, you’ll now see the following line in the BitlockerManagement_GroupPolicyHandler.log file. The version number will change based on the SCCM Server version.
Found current management point, CM01.windowsnoob.lab.local (version 8827)
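
To check a client without reading the log by eye, the following added example (not from the original post) reports which of the two messages above was logged most recently. The function name `Get-RecoveryMpState` is hypothetical, the sample lines are constructed from the messages quoted in this post, and the log path is an assumed default client log location.

```powershell
# Added example: report the most recent Recovery Service MP result found in
# BitlockerManagement_GroupPolicyHandler.log lines (later entries win).
function Get-RecoveryMpState {
    param([string[]]$Lines)

    $errorText = 'Unable to find suitable Recovery Service MP'
    $okPattern = 'Found current management point, (?<mp>[^\s(]+) \(version (?<ver>\d+)\)'
    $state = [pscustomobject]@{ Status = 'NoEntry'; ManagementPoint = $null; Version = $null }

    foreach ($line in $Lines) {
        if ($line -match $okPattern) {
            # Success line: keep the management point name and reported version.
            $state = [pscustomobject]@{
                Status          = 'ManagementPointFound'
                ManagementPoint = $Matches['mp']
                Version         = [int]$Matches['ver']
            }
        }
        elseif ($line -like "*$errorText*") {
            # Error line: the policy was marked non-compliant at this point.
            $state = [pscustomobject]@{
                Status          = 'NoRecoveryServiceMP'
                ManagementPoint = $null
                Version         = $null
            }
        }
    }
    $state
}

# Constructed sample: the error first, then the line logged after the
# switch to HTTPS, so the function reports the management point as found.
$sample = @(
    'Unable to find suitable Recovery Service MP. Marking policy non-compliant'
    'Found current management point, CM01.windowsnoob.lab.local (version 8827)'
)
Get-RecoveryMpState -Lines $sample

# Assumed default client log location; adjust if your client logs live elsewhere.
$logPath = 'C:\Windows\CCM\Logs\BitlockerManagement_GroupPolicyHandler.log'
if (Test-Path -LiteralPath $logPath) {
    Get-RecoveryMpState -Lines (Get-Content -LiteralPath $logPath)
}
```

A `NoRecoveryServiceMP` status after the HTTPS conversion means the error was logged again after the last success line, so the client is still failing to find a Recovery Service MP.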