Configuring BitLocker Management on SCCM 2002

Lean 21 Reputation points
2020-10-26T00:41:41.783+00:00

I'm new to configuring BitLocker Management.

Regarding the certificate requirements, will running this script from the Microsoft site meet the certificate requirements?

https://learn.microsoft.com/en-us/mem/configmgr/protect/deploy-use/bitlocker/encrypt-recovery-data#example-scripts


2 answers

  1. AllenLiu-MSFT 44,111 Reputation points Microsoft Vendor
    2020-10-26T06:08:50.57+00:00

    @Lean
    Thank you for posting in Microsoft Q&A forum.
    The certificate is not required. If you don't want to create a BitLocker management encryption certificate, opt-in to plain-text storage of the recovery data. When you create a BitLocker management policy, enable the option to Allow recovery information to be stored in plain text.
    Configuration Manager stores the recovery information in the site database. Without a BitLocker management encryption certificate, Configuration Manager stores the key recovery information in plain text.

    The BitLocker recovery service requires HTTPS to encrypt the recovery keys across the network from the Configuration Manager client to the management point. There are two options:

    1. HTTPS-enable the IIS website on the management point that hosts the recovery service. This option only applies to Configuration Manager version 2002.
    2. Configure the management point for HTTPS. This option applies to Configuration Manager versions 1910 or 2002.

    If we don't have a management point with an HTTPS-enabled website, don't configure the setting "Configure BitLocker Management Services" when creating a BitLocker policy.


    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  2. Lean 21 Reputation points
    2020-10-26T06:17:27.297+00:00

    34974-image.png

    Currently, this is the setting for the communication security. Will the client still report/communicate to the Config Manager?
    Do I need to have a PKI certificate?

