MBAM decommissioning: solutions

49885604 145 Reputation points

Hi everyone,

one of my clients has MBAM for managing the encryption of laptops and removable disks, MBAM server + SQL database and Web Portal for key management.

MBAM will be decommissioned and the customer would like to replace it, they already have SCCM and before evaluating the move to Intune, I'd like to evaluate the use of SCCM. What are the use scenarios for SCCM and any impacts? In particular:

-Key database;

-Migration of existing database;
-Active Directory;

-Web management portal as was done with MBAM;

-Self Service Portal.

Thank you in advance,


Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,084 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
5,822 questions
Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
4,305 questions
0 comments No comments
{count} votes

3 answers

Sort by: Most helpful
  1. Thameur-BOURBITA 32,496 Reputation points

    Hi @49885604

    Bitlocker can be managed by intune , but the device must be Microsoft Entra joined or Microsoft Entra hybrid joined.

    For more information you can refer to this Microsoft article :

    Manage BitLocker policy for Windows devices with Intune

    Please don't forget to accept helpful answer which helps users to know the answer solved the author's problem.

    0 comments No comments

  2. Simon Ren-MSFT 29,956 Reputation points Microsoft Vendor


    Thank you for posting in Microsoft Q&A forum.

    We can seamlessly migrate management from MBAM to Configuration Manager. When we deploy BitLocker management policies in Configuration Manager, clients automatically rotate their keys and upload them to the Configuration Manager recovery service.

    There is no MBAM database in Configuration Manager. All information pertaining to BitLocker management in Configuration Manager including recovery passwords are stored in the Configuration Manager database. The passwords simply get resaved to the Configuration Manager database.

    For more detailed information, please refer to:

    Migrate from MBAM

    How to migrate standalone MBAM to SCCM for bitlocker

    MBAM Server Migration To Microsoft Endpoint Manager

    Move standalone MBAM to SCCM Integrated MBAM

    Thanks for your time. Have a nice day!

    Best regards,


    If the response is helpful, please click "Accept Answer" and upvote it.

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

  3. Pavel yannara Mirochnitchenko 11,616 Reputation points

    SCCM has MBAM solution integrated inside to it. So basically only MBAM standalone solution will expire.

    0 comments No comments