Archives
-
-
Recent Posts
- Forcing a time sync during Windows Autopilot OOBE to combat time related issues
- Dem in 20, Will printer Audits continue to exist ?
- Technical Preview 2109 is out, update your console manually
- Retrieve BitLocker recovery keys from Tenant attached devices in the MEM console
- Fixing: “Total identified Windows installations: 0”
-
-
Recent Comments
- ncbrady on How can you use the Help Desk feature when MBAM is integrated within SCCM
- slundy on How can you use the Help Desk feature when MBAM is integrated within SCCM
- ncbrady on How can you use the Help Desk feature when MBAM is integrated within SCCM
- slundy on How can you use the Help Desk feature when MBAM is integrated within SCCM
- ncbrady on How can I retrieve my BitLocker Recovery key ?
-
Categories
- 1E
- Active Directory
- Altaro
- Altaro VM Backup
- Apple
- Assessment and Deployment Kit
- ASUS
- Azure Cloud Storage
- AzureAD
- BitLocker
- book
- Cireson ConfigMgr Portal
- CMG
- cost
- Covid19
- Current Branch for Business
- Custom Client User Settings
- CVE-2019-0708
- Dell
- Gaming
- hidden
- hololens
- HoloLens 2
- HP
- hyper-v
- IKEA
- Intune
- 1703
- Android
- Azure
- Azure AD
- Azure Portal
- BitLocker
- company portal
- Compliance
- Conditional Access
- ctrl_alt_d
- DFCI
- docs
- Edition Upgrade
- EMS
- Graph
- iOS
- macOS
- MAM-WE
- Microsoft Edge
- Microsoft Store for Business
- MVA
- Office 365 Suite
- pilot deployment
- PowerShell scripts
- Preview
- Start Screen
- troubleshooting
- win32 app
- Windows AutoPilot
- Windows Phone 8
- WIP
- Lenovo
- MBAM
- MDT
- Microsoft Ignite
- Microsoft Surface
- MMS 2016
- MSDN
- MSIgnite2018
- MVA
- MVP
- Nvidia RTX 2060
- Patch My PC
- PowerShell
- RansomWare
- SCCM
- ConfigMgr 2007
- ConfigMgr 2012
- System Center Configuration Manager (Current Branch)
- 1511
- 1602
- 1606
- 1610
- 1702
- 1706
- 1802
- 1806
- 1810
- 1902
- 1906
- 1910
- 2002
- 2006
- 2010
- 2103
- 2107
- baseline version
- Cloud Attach
- documentation
- e-http
- enhanced HTTP
- Expired
- hotfix
- https
- licensed
- linux
- LTSB
- Microsoft Tunnel
- PKI
- required task sequence
- Retry Installation
- Servicing Plans
- support lifecycle
- Telemetry
- Updates and Servicing
- System Center Configuration Manager Technical Preview
- 1604
- 1605
- 1606
- 1607
- 1608
- 1609
- 1610
- 1611
- 1612
- 1701
- 1702
- 1703
- 1704
- 1705
- 1706
- 1708
- 1709
- 1710
- 1712
- 1801
- 1802
- 1803
- 1804
- 1806
- 1808
- 1809
- 1810
- 1810.2
- 1902.2
- 1903
- 1904
- 1905
- 1906
- 1907
- 1908
- 1908.2
- 1909
- 1910
- 1911
- 1912
- 2001
- 2002
- 2002.2
- 2003
- 2004
- 2005
- 2006
- 2007
- 2008
- 2009
- 2010
- 2010.2
- 2101
- 2104
- 2105
- 2105.2
- 2106
- 2109
- Manage Duplicate Hardware Identifiers
- teams messaging
- TP2102
- tp2108
- Security
- SQL Server 2016
- SQL Server 2017
- Surface Pro X
- Uncategorized
- Uservoice
- USMT
- video
- VLSC
- Vmware
- WannaCry
- wbemtest
- WFH
- Windows 10
- Windows 7
- Windows 8
- Windows Server 2016
- Windows Server 2019
-
Meta
Category Archives: BitLocker
using BitLocker Management in ConfigMgr and do OSD, read this !
Introduction I like many others have blogged about enabling BitLocker during a task sequence in the past, however recently it’s come to my attention that the Invoke-MBAMClientDeployment.ps1 scripts which were provided for MBAM setups are not supported for use with … Continue reading
Posted in 2103, BitLocker
Leave a comment
Retire My PC – a self-service app to secure company data on old computers
Introduction By now we should all be familiar with Windows Autopilot and how it is used to provision new computers, as explained below in Microsoft’s diagram. For every new computer delivered via the Windows Autopilot process there’s usually an old … Continue reading
Posted in AzureAD, BitLocker, httptrigger, sendgrid
Leave a comment
A quick look at the “Retire MY PC” app
Introduction I tweeted about this recently and it gained a LOT of attention, so I thought I better do a video showing what this actually does. When your users get a new Windows Autopilot PC, their old computer will usually … Continue reading
Posted in 2103, AzureAD, BitLocker, BitLocker Management over CMG, httptrigger, sendgrid
Leave a comment
How can I replace an expired IIS certificate in a PKI enabled ConfigMgr environment
Introduction I was busy putting together another BitLocker Management OSD related blog post in one of my PKI enabled ConfigMgr labs (#11) when I noticed that PXE boot no longer worked. The virtual machine would attempt to PXE boot for … Continue reading
Posted in 2002, BitLocker, expired IIS cert, PKI, smspxe.log
1 Comment
Full disk encryption (in ConfigMgr 1910) – a closer look using real hardware
Introduction In an earlier post I showed you how you can enable Full Disk Encryption via a task sequence in Microsoft Endpoint Manager Configuration Manager version 1910. The screenshots in that blog post were taken from virtual machines, and I … Continue reading
Posted in 1910, BitLocker, Full Disk Encryption
6 Comments
Enabling Full Disk Encryption in Microsoft Endpoint Configuration Manager 1910 in a task sequence
Introduction Microsoft Endpoint Configuration Manager 1910 came with BitLocker management capabilities (MBAM features), and this fits together nicely with task sequence steps regarding BitLocker. The option to enable Full Disk Encryption actually started with Configuration Manager 1806 but MBAM integration … Continue reading
Posted in 1910, BitLocker, Full Disk Encryption
12 Comments
How to fix: “Unable to find suitable Recovery Service MP. Marking policy non-compliant”
Introduction Microsoft introduced on-premises BitLocker management using System Center Configuration Manager in SCCM Technical Preview version 1905. When enabling these MBAM capabilities in SCCM, you may notice the following error in the BitlockerManagement_GroupPolicyHandler.log. Unable to find suitable Recovery Service MP. … Continue reading
Posted in 1905, BitLocker, MBAM
12 Comments
Why does the Bitlocker recovery key not end up in the MBAM 2.5 SP1 database when using XTS encryption
Introduction If you are using my Windows 10 UEFI FrontEnd HTA to encrypt UEFI devices when installing Windows 10, and if you are using the MBAM 2.5 SP1 hotfix 2 to enable support for XTS-AES encryption, then you might have … Continue reading
Posted in BitLocker, MBAM 2.5 SP1, UEFI
1 Comment
Why does the Windows 10 1607 reinstall in PXE scenario fail sometimes for BitLockered UEFI enabled computers ?
Introduction Reinstalling computers via PXE boot (in WinPE) is still a valid OSD scenario, however that method brings challenges not least when UEFI capable hardware is in place and when that hardware is also encrypted with Bitlocker. The above HTA … Continue reading
Posted in 1606, 1607, BitLocker, Windows 10
Leave a comment
How can I retrieve my BitLocker Recovery key ?
Here’s a very quick post, if you are not using MBAM and don’t have access to your Active Directory and want to recover your BitLocker key for whatever reason you can quickly do as follows within Windows:- Open an Administrative … Continue reading
Posted in BitLocker
57 Comments