Move standalone MBAM to SCCM Integrated MBAM

Garima Das 1,001 Reputation points
2022-02-16T12:14:48.84+00:00

Hi Experts,

We are trying to move Standalone MBAM Server to SCCM Integration Server. Could you please suggest how this could be done?

Thanks,
Garima

Microsoft Configuration Manager
Accepted answer
  1. Eswar Koneti 2,201 Reputation points
    2022-02-16T12:38:05.677+00:00

    You cannot migrate the server components or anything from MBAM to ConfigMgr or integration as such. If you want to use the bitlocker function using native ConfigMgr, then you can follow the docs https://learn.microsoft.com/en-us/mem/configmgr/protect/deploy-use/bitlocker/deploy-management-agent to configure the bitlocker policy and start creating the policy to the collection. In short the following steps would do for you.

    1. Check if any GPO related to the MBAM created? if so, unlink it.
    2. Configure the bitlocker in ConfigMgr and deploy the bitlocker policy to the collection.
    3. You dont have to remove/uninstall the existing MBAM client from the devices, as Configmgr uses or update the client to the latest during the bitlocker policy deployment.
    4. On existing clients that are encrypted, once they receive the policy from Configmgr and if the encryption algorithm what is configured in ConfigMgr matches with drive encryption, client simply escrow the keys to Configmgr site. If any mismatch in the algorithm, device report as non-compliant and you will need to decrypt before device is follow configmgr policy to encrypt again.
    5. On newer clients, they will anyway follow the Configmgr policy for bitlocker.

    Thanks,
    Eswar
    www.eskonr.com

    2 people found this answer helpful.
    0 comments

3 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Rahul Jindal [MVP] 9,151 Reputation points MVP
    2022-02-16T23:20:55.93+00:00

    ++1 to @Eswar Koneti 's response. Also, if your devices are co-managed, you can configure the Bitlocker policies in Intune instead. The keys will get backed up in AAD.

    1 person found this answer helpful.
    0 comments
  2. Kalyan Sundar 561 Reputation points
    2022-02-17T18:39:11.023+00:00
    0 comments
  3. Amandayou-MSFT 11,046 Reputation points
    2022-03-02T07:45:05.063+00:00

    Hi,

    Haven't heard from you for some time, is EswarKoneti-MVP's answer helpful to you? If it is helpful, please accept answer. It will make someone who has the similar issue easily find the answer.

    If you have any other issues, please don't hesitate to let us know.

    Thanks and have a nice day.

    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    https://learn.microsoft.com/en-us/answers/articles/67444/email-notifications.html

    0 comments