Want to learn about the new Bitlocker Management feature in Microsoft Endpoint Manager Configuration Manager ?

Introduction

Microsoft BitLocker Administration and Monitoring (MBAM) is the ability to have a client agent (the MDOP MBAM agent) on your Windows devices to enforce BitLocker encryption including algorithm type, and to store the recovery keys in your database, securely. It includes reporting, key rotation, compliance and more.

The following blog post from Microsoft details their future direction with regard to BitLocker Management and is  a must read. They’ve since written a new blog about the subject here.

 

The purpose of this blog post is to gather together guides and videos I’ve created since Bitlocker Management appeared as a feature in Configuration Manager Technical Preview version  1905 and onwards to it’s release in production in Configuration Manager version 1910 (Current Branch).

Videos

Guides

Microsoft Docs

Note: MBAM integrated in 1910 requires a https enabled management point. If you’d like help to configure PKI then see my links below:

Setting up PKI in a lab

Convert ConfigMgr from HTTP to HTTPS

This entry was posted in 1909, 1910, Group Policy, Key Rotation, MBAM helpdesk, MBAM Reporting, MBAM SelfService, PKI, pki. Bookmark the permalink.

16 Responses to Want to learn about the new Bitlocker Management feature in Microsoft Endpoint Manager Configuration Manager ?

  1. gowdey says:

    Great stuff as always Niall!

  2. Pingback: Learn about MBAM integration in Microsoft Endpoint Configuration Manager version 1910 | just another windows noob ?

  3. Pingback: Learn about MBAM in Microsoft Endpoint Configuration Manager version 1910 – part 6 decrypting drives | just another windows noob ?

  4. Pingback: Learn about MBAM in Microsoft Endpoint Configuration Manager version 1910 – part 7 Reporting and compliance | just another windows noob ?

  5. Pingback: Learn about MBAM in Microsoft Endpoint Configuration Manager version 1910 – part 8 Migration | just another windows noob ?

  6. Phoenixtekk says:

    Yeap, this is one to keep handy. Thanks again…

  7. Pingback: System Center Ocak 2020 Bülten – Sertaç Topal

  8. Pingback: Learn about Bitlocker Management in Microsoft Endpoint Configuration Manager version 1910 – part 9 Group Policy | just another windows noob ?

  9. Pingback: Learn about Bitlocker Management in Microsoft Endpoint Configuration Manager version 1910 – Part 2, configure portals | just another windows noob ?

  10. Pingback: Learn about Bitlocker Management in Microsoft Endpoint Configuration Manager version 1910 – part 3 customize the portals | just another windows noob ?

  11. Pingback: Learn about Bitlocker Management in Microsoft Endpoint Configuration Manager version 1910 – part 4 Enforce encryption | just another windows noob ?

  12. Pingback: Learn about Bitlocker Management in Microsoft Endpoint Configuration Manager version 1910 – part 5 key rotation | just another windows noob ?

  13. Pingback: Learn about Bitlocker Management in Microsoft Endpoint Configuration Manager version 1910 – part 6 forcing decryption | just another windows noob ?

  14. Pingback: Full disk encryption (in ConfigMgr 1910) – a closer look on real hardware | just another windows noob ?

  15. magviegas says:

    Hi Niall, those are amazing tutorials, thank you!

    BTW, have you seen a problem where the registry key MDOPBitLockerManagement is never populated with the corresponding MBAM entries? The MDOP is installed successfully, I see no errors in the logs, but the client never starts encrypting and I guess this is the reason. This is happening with a few clients out of 200.

    Thanks a lot!
    Marcelo Viegas

    • ncbrady says:

      hi Marcelo,
      thanks for the thanks, so can you go into more detail about what you are seeing exactly ? are you saying the reg keys don’t get created at all ? were these devices ever managed by MBAM ? do they have the correct client version and the MDOP agent installed ?

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.