Category Archives: System Center Configuration Manager (Current Branch)

What’s new in Microsoft Endpoint Manager – part 1

Introduction These are my notes from a session shown today @ Microsoft Ignite 2020, the session was hosted by Steve Dispensa (Director of Program Management at Microsoft Endpoint Manager) and Ramya Chitrakar (Director of Engineering at Microsoft Endpoint Manager). For … Continue reading

Posted in Cloud Management, Microsoft Tunnel, tenant attach | Leave a comment

Troubleshooting BitLocker Management in ConfigMgr – Part 1. Server side

Introduction Microsoft blogged about Bitlocker Management capabilities back in May, 2019. They detailed how that would impact and evolve on the following three platforms.     Cloud-based BitLocker management using Microsoft Intune     On-premises BitLocker management using System Center Configuration Manager … Continue reading

Posted in 1910, 2002, BitLocker Management, MBAM, pki, System Center Configuration Manager (Current Branch) | Leave a comment

Fixing an evaluation version of SSRS with “HTTP Error 503. The Service is unavailable”

Introduction I was writing a blog post about Troubleshooting BitLocker Management in ConfigMgr 2002 Current Branch and one of the things I was trying to do was install the web portals, but I was seeing errors shown below. Get-ReportServiceUri : … Continue reading

Posted in 2002, BitLocker Management, Reporting | Leave a comment

How can we utilize the Bitlocker Management feature during OSD with Endpoint Manager

Introduction I’ve had a lot of questions recently about people wanting to use the new BitLocker Management capabilities in Configuration Manager, and to make use of those abilities during OSD (Operating System Deployment). First things we need to keep in … Continue reading

Posted in 1910, 2002, 2006, BitLocker Management, Full Disk Encryption, MBAM, pki | Leave a comment

How can I replace an expired IIS certificate in a PKI enabled ConfigMgr environment

Introduction I was busy putting together another BitLocker Management OSD related blog post in one of my PKI enabled ConfigMgr labs (#11) when I noticed that PXE boot no longer worked. The virtual machine would attempt to PXE boot for … Continue reading

Posted in 2002, BitLocker, expired IIS cert, PKI, smspxe.log | 1 Comment

Triggering Evaluation of SMS_DesiredConfiguration Instances on a Client Using Powershell

Introduction It has always been possible to trigger evaluation of an SMS_DesiredConfiguration instance using the TriggerEvaluation method on the SMS_DesiredConfiguration. Here’s an example of that from fellow MVP Timmy. The only information needed to trigger the instance evaluation was the … Continue reading

Posted in BitLocker Management, SMS_DesiredConfiguration, Trigger Evaluation | Leave a comment

Enabling the new Tenant Attach feature in Configuration Manager

Introduction Microsoft are constantly innovating and adding new features to already amazing products, one such recent addition is a cloud feature called Tenant Attach for Microsoft Endpoint Manager and you can start testing it right now in Configuration Manager Technical … Continue reading

Posted in 2002, 2002.2, Intune, tenant attach | 2 Comments

Full disk encryption (in ConfigMgr 1910) – a closer look using real hardware

Introduction In an earlier post I showed you how you can enable Full Disk Encryption via a task sequence in Microsoft Endpoint Manager Configuration Manager version 1910. The screenshots in that blog post were taken from virtual machines, and I … Continue reading

Posted in 1910, BitLocker, Full Disk Encryption | 6 Comments

Learn about Bitlocker Management in Microsoft Endpoint Configuration Manager version 1910 – part 9 Group Policy

Introduction In this video (scroll down to the bottom of this post) I show you how you can obtain the MDOP ADMX templates for use within Active Directory Group Policy. I show you where to download the MDOP templates from, … Continue reading

Posted in 1910, ADMX, ADMX Templates, MBAM | Leave a comment

Learn about Bitlocker Management in Microsoft Endpoint Configuration Manager version 1910 – part 8 Migration

Introduction In this video (linked at the bottom of this post) I show you how you can migrate existing MBAM managed clients to Configuration Manager using the new BitLocker Management feature that was released in Microsoft Endpoint Configuration Manager version … Continue reading

Posted in 1910, MBAM, Migration | Leave a comment

Enabling Full Disk Encryption in Microsoft Endpoint Configuration Manager 1910 in a task sequence

Introduction Microsoft Endpoint Configuration Manager 1910 came with BitLocker management capabilities (MBAM features), and this fits together nicely with task sequence steps regarding BitLocker. The option to enable Full Disk Encryption actually started with Configuration Manager 1806 but MBAM integration … Continue reading

Posted in 1910, BitLocker, Full Disk Encryption | 12 Comments

Learn about Bitlocker Management in Microsoft Endpoint Configuration Manager version 1910 – part 7 Reporting and compliance

Introduction In this video I show you how you use the built in reports from the BitLocker Management feature that was released in Microsoft Endpoint Configuration Manager version 1910. I explain what each of the 5 built in reports offer … Continue reading

Posted in 1910, MBAM, Reporting | Leave a comment

Learn about Bitlocker Management in Microsoft Endpoint Configuration Manager version 1910 – part 6 forcing decryption

Introduction In this video I show you how you can enforce decryption of BitLocker encrypted drives in Microsoft Endpoint Configuration Manager version 1910. It involves the use of a custom Configuration Baseline with a Configuration Item to set a registry … Continue reading

Posted in 1910, MBAM | Leave a comment

Learn about Bitlocker Management in Microsoft Endpoint Configuration Manager version 1910 – part 5 key rotation

Introduction In this video I show you how key rotation works when a key has been revealed via the helpdesk using Bitlocker Management integrated as a feature in Microsoft Endpoint Configuration Manager version 1910. To see a list of all … Continue reading

Posted in 1910, key rotation, MBAM | Leave a comment

Learn about Bitlocker Management in Microsoft Endpoint Configuration Manager version 1910 – part 4 Enforce encryption

Introduction In this video I show you how to enforce encryption with no user interaction using Bitlocker Management in Configuration Manager 1910 (and a compliance baseline containing a configuration item with 2 registry keys). Below are the key path and … Continue reading

Posted in 1910, MBAM | Leave a comment