Want to learn about MBAM & the new Bitlocker Management feature in Microsoft Endpoint Manager Configuration Manager ?


Microsoft BitLocker Administration and Monitoring (MBAM) is the ability to have a client agent (the MDOP MBAM agent) on your Windows 10 devices to enforce BitLocker encryption including algorithm type, and to store the recovery keys in your database, securely. It includes reporting, key rotation, compliance and more.

This is something that has been around for quite some years now and is working great, however, MBAM is currently it’s own separate solution which of course takes up more resources.

The following blog post from Microsoft details their future direction with regard to BitLocker Management and is  a must read.


The purpose of this blog post is to gather together guides and videos I’ve created since Bitlocker Management appeared as a feature in Configuration Manager Technical Preview version  1905 and onwards to it’s release in production in Configuration Manager version 1910 (Current Branch).

This will help you understand how to get started with Bitlocker Management integrated within Configuration Manager, what to expect on the client computers, using help desk functionality, key rotation, self service (for the end user) and finally running reports to get an overview of your compliance.

Note: In the list of videos below, any that are not yet linked are in progress and coming soon.



Microsoft Docs

Note: MBAM integrated in 1910 requires a https enabled management point. If you’d like help to configure PKI then see my links below:

Setting up PKI in a lab

Convert ConfigMgr from HTTP to HTTPS

This entry was posted in 1909, 1910, Key Rotation, MBAM helpdesk, MBAM Reporting, MBAM SelfService, PKI, pki. Bookmark the permalink.