MECM BitLocker reasons for Non-Compliance vs. previous MBAM

M J 21 Reputation points

My organization previously used MBAM for endpoint encryption and we have now switched to MECM overall, which includes BitLocker. However, the MECM BitLocker lists more workstations as non-compliant than the previous MBAM system did. My question is: Does MECM BitLocker look at more settings/characteristics than MBAM did? When I look at the workstations listed as non-compliant, I see many that are actually compliant on the three main factors: BitLocker GPO, MBAM software installed, and workstation TPM enabled. What other factors does MECM examine?

Microsoft Configuration Manager

2 answers

  1. XinGuo-MSFT 12,631 Reputation points


    WMI on the client provides the following non-compliance codes. It also describes the reasons why a particular device reports as non-compliant.

    There are various methods to view WMI. For example, use the following PowerShell command:


    (Get-WmiObject -Class mbam_Volume -Namespace root\microsoft\mbam).ReasonsForNoncompliance

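Added example, not part of the answer above: a PowerShell helper that turns the numeric values returned in `ReasonsForNoncompliance` into readable reasons. The function name `ConvertFrom-MbamReason` is hypothetical, and the code meanings are paraphrased from Microsoft's published BitLocker management non-compliance code table, which is not reproduced on this page, so check them against the current documentation.

```powershell
# Code meanings: paraphrased from Microsoft's non-compliance code table
# (assumption: not listed on this page; verify against current docs).
$MbamReasons = @{
    0  = 'Cipher strength is not AES 256'
    1  = 'Policy requires the volume to be encrypted, but it is not'
    2  = 'Policy requires the volume NOT to be encrypted, but it is'
    3  = 'Policy requires a TPM protector, but the volume has none'
    4  = 'Policy requires a TPM+PIN protector, but the volume has none'
    5  = 'Policy does not allow non-TPM machines to report as compliant'
    6  = 'Volume has a TPM protector, but the TPM is not visible'
    7  = 'Policy requires a password protector, but the volume has none'
    8  = 'Policy forbids a password protector, but the volume has one'
    9  = 'Policy requires an auto-unlock protector, but the volume has none'
    10 = 'Policy forbids an auto-unlock protector, but the volume has one'
    11 = 'Policy conflict prevents the volume from reporting as compliant'
    12 = 'A system volume is needed to encrypt the OS volume, but is missing'
    13 = 'Protection is suspended for the volume'
    14 = 'Auto-unlock is unsafe unless the OS volume is encrypted'
    15 = 'Policy minimum is XTS-AES-128, actual cipher strength is weaker'
    16 = 'Policy minimum is XTS-AES-256, actual cipher strength is weaker'
}

function ConvertFrom-MbamReason {   # hypothetical helper name
    param([AllowNull()][object[]]$Code)
    foreach ($c in @($Code)) {
        if ($null -eq $c) { continue }          # compliant volumes report no codes
        $n = [int]$c
        [pscustomobject]@{
            Code   = $n
            Reason = if ($MbamReasons.ContainsKey($n)) { $MbamReasons[$n] }
                     else { 'Unknown code; check current documentation' }
        }
    }
}

# Constructed sample values, so the helper can be tried without an MBAM client:
ConvertFrom-MbamReason -Code 3, 13, 99

# On a managed client, feed it the property from the answer above:
# Get-WmiObject -Class mbam_Volume -Namespace root\microsoft\mbam |
#     ForEach-Object { ConvertFrom-MbamReason -Code $_.ReasonsForNoncompliance }
```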

  2. Garth Jones 1,566 Reputation points MVP

    I don't believe that it does. However, you might have configured different compliance settings between them. Exactly what are you seeing that is different? E.g., what three factors are you seeing set?