MECM BitLocker reasons for Non-Compliance vs. previous MBAM

M J 21 Reputation points
2024-01-19T19:25:34.2933333+00:00

My organization previously used MBAM for endpoint encryption and we have now switched to MECM overall which includes BitLocker. However, the MECM BitLocker lists more workstations as non-compliant than the previous MBAM system did. My questions is: Does MECM BitLocker look at more settings/characteristics than MBAM did? When I look at the workstations listed as non-compliant, I see many that are actually compliant on the three main factors: BitLocker GPO, MBAM software installed, and workstation TPM enabled. What other factors does MECM examine?

Microsoft Configuration Manager
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. XinGuo-MSFT 12,631 Reputation points
    2024-01-22T07:29:03.4+00:00

    Hi,

    WMI on the client provides the following non-compliance codes. It also describes the reasons why a particular device reports as non-compliant.

    There are various methods to view WMI. For example, use the following PowerShell command:

    PowerShellCopy

    (Get-WmiObject -Class mbam_Volume -Namespace root\microsoft\mbam).ReasonsForNoncompliance
    

    https://learn.microsoft.com/en-us/mem/configmgr/protect/tech-ref/bitlocker/non-compliance-codes

    0 comments No comments

  2. Garth Jones 1,566 Reputation points MVP
    2024-01-22T13:24:38.8666667+00:00

    I don't believe that it does. However you might have configured different compliance settings between them. Exactly what are you seeing that is different? e.g. what three factors are you seeing set?