Category Archives: System Center Configuration Manager (Current Branch)

Triggering Evaluation of SMS_DesiredConfiguration Instances on a Client Using Powershell

Posted on June 28, 2020 by ncbrady

Introduction It has always been possible to trigger evaluation of an SMS_DesiredConfiguration instance using the TriggerEvaluation method on the SMS_DesiredConfiguration. Here’s an example of that from fellow MVP Timmy. The only information needed to trigger the instance evaluation was the … Continue reading →

Posted in BitLocker Management, SMS_DesiredConfiguration, Trigger Evaluation | Leave a comment

Enabling the new Tenant Attach feature in Configuration Manager

Posted on March 5, 2020 by ncbrady

Introduction Microsoft are constantly innovating and adding new features to already amazing products, one such recent addition is a cloud feature called Tenant Attach for Microsoft Endpoint Manager and you can start testing it right now in Configuration Manager Technical … Continue reading →

Posted in 2002, 2002.2, Intune, tenant attach | 2 Comments

Full disk encryption (in ConfigMgr 1910) – a closer look using real hardware

Posted on February 25, 2020 by ncbrady

Introduction In an earlier post I showed you how you can enable Full Disk Encryption via a task sequence in Microsoft Endpoint Manager Configuration Manager version 1910. The screenshots in that blog post were taken from virtual machines, and I … Continue reading →

Posted in 1910, BitLocker, Full Disk Encryption | 6 Comments

Learn about Bitlocker Management in Microsoft Endpoint Configuration Manager version 1910 – part 9 Group Policy

Posted on February 13, 2020 by ncbrady

Introduction In this video (scroll down to the bottom of this post) I show you how you can obtain the MDOP ADMX templates for use within Active Directory Group Policy. I show you where to download the MDOP templates from, … Continue reading →

Posted in 1910, ADMX, ADMX Templates, MBAM | Leave a comment

Learn about Bitlocker Management in Microsoft Endpoint Configuration Manager version 1910 – part 8 Migration

Posted on January 19, 2020 by ncbrady

Introduction In this video (linked at the bottom of this post) I show you how you can migrate existing MBAM managed clients to Configuration Manager using the new BitLocker Management feature that was released in Microsoft Endpoint Configuration Manager version … Continue reading →

Posted in 1910, MBAM, Migration | Leave a comment

Enabling Full Disk Encryption in Microsoft Endpoint Configuration Manager 1910 in a task sequence

Posted on January 18, 2020 by ncbrady

Introduction Microsoft Endpoint Configuration Manager 1910 came with BitLocker management capabilities (MBAM features), and this fits together nicely with task sequence steps regarding BitLocker. The option to enable Full Disk Encryption actually started with Configuration Manager 1806 but MBAM integration … Continue reading →

Posted in 1910, BitLocker, Full Disk Encryption | 5 Comments

Learn about Bitlocker Management in Microsoft Endpoint Configuration Manager version 1910 – part 7 Reporting and compliance

Posted on January 8, 2020 by ncbrady

Introduction In this video I show you how you use the built in reports from the BitLocker Management feature that was released in Microsoft Endpoint Configuration Manager version 1910. I explain what each of the 5 built in reports offer … Continue reading →

Posted in 1910, MBAM, Reporting | Leave a comment

Learn about Bitlocker Management in Microsoft Endpoint Configuration Manager version 1910 – part 6 forcing decryption

Posted on December 25, 2019 by ncbrady

Introduction In this video I show you how you can enforce decryption of BitLocker encrypted drives in Microsoft Endpoint Configuration Manager version 1910. It involves the use of a custom Configuration Baseline with a Configuration Item to set a registry … Continue reading →

Posted in 1910, MBAM | Leave a comment

Learn about Bitlocker Management in Microsoft Endpoint Configuration Manager version 1910 – part 5 key rotation

Posted on December 17, 2019 by ncbrady

Introduction In this video I show you how key rotation works when a key has been revealed via the helpdesk using Bitlocker Management integrated as a feature in Microsoft Endpoint Configuration Manager version 1910. To see a list of all … Continue reading →

Posted in 1910, key rotation, MBAM | Leave a comment

Learn about Bitlocker Management in Microsoft Endpoint Configuration Manager version 1910 – part 4 Enforce encryption

Posted on December 17, 2019 by ncbrady

Introduction In this video I show you how to enforce encryption with no user interaction using Bitlocker Management in Configuration Manager 1910 (and a compliance baseline containing a configuration item with 2 registry keys). Below are the key path and … Continue reading →

Posted in 1910, MBAM | Leave a comment

Learn about Bitlocker Management in Microsoft Endpoint Configuration Manager version 1910 – part 3 customize the portals

Posted on December 14, 2019 by ncbrady

Introduction In this video I show you how to customize the self service portal to suit your organization, and I show you how you can change what a person see’s in the help desk based on which Active Directory Security … Continue reading →

Posted in 1910, MBAM, self service | Leave a comment

Learn about Bitlocker Management in Microsoft Endpoint Configuration Manager version 1910 – Part 2, configure portals

Posted on December 10, 2019 by ncbrady

Introduction In this video I show you what you need to know to get the Bitlocker Management (formally MBAM) web site portals working in Microsoft Endpoint Configuration Manager version 1910, please check it out. Install the MBAM portals – https://docs.microsoft.com/en-us/configmgr/protect/deploy-use/bitlocker/setup-websites … Continue reading →

Posted in 1910, MBAM, MBAM, pki | Leave a comment

Learn about Bitlocker Management in Microsoft Endpoint Configuration Manager version 1910

Posted on December 5, 2019 by ncbrady

Introduction I’ve created a video showing you what you need to know to get Bitlocker Management (formally MBAM) integration working in Microsoft Endpoint Configuration Manager version 1910, please check it out. for more info and links to setting up PKI … Continue reading →

Posted in 1910, Key Rotation, Lenovo, MBAM, MBAM helpdesk, MBAM Reporting, MBAM SelfService, P1 Mobile workstation, pki, System Center Configuration Manager (Current Branch) | 2 Comments

Want to learn about the new Bitlocker Management feature in Microsoft Endpoint Manager Configuration Manager ?

Posted on November 13, 2019 by ncbrady

Introduction Microsoft BitLocker Administration and Monitoring (MBAM) is the ability to have a client agent (the MDOP MBAM agent) on your Windows devices to enforce BitLocker encryption including algorithm type, and to store the recovery keys in your database, securely. … Continue reading →

Posted in 1909, 1910, Group Policy, Key Rotation, MBAM helpdesk, MBAM Reporting, MBAM SelfService, PKI, pki | 24 Comments

How can I upgrade to System Center Configuration Manager Current Branch version 1906

Posted on July 26, 2019 by ncbrady

Djam just tweeted the following and I’ve highlighted the important bits. This is the biggest release of #SCCM CB yet. More features that any previous release, more code checkins, and more bug fixes. Also more customers have deployed it already … Continue reading →

Posted in 1906 | Leave a comment