Enabling MBAM (BitLocker) in MECM 2103

Dilan Nanayakkara 1,111 Reputation points
2022-01-25T05:00:50.03+00:00

Hi All,

We are using MECM 2103 and have a requirement to deploy BitLocker management via MECM. I have a question: since we have enabled "Enhanced HTTP" in our Configuration Manager, can we configure MBAM without setting up PKI certificates? Or do we still need to configure a PKI certificate infrastructure as a prerequisite for MBAM?

Highly appreciate the help.

Thanks,
Dilan

Microsoft Configuration Manager

Accepted answer
  1. Rahul Jindal [MVP] 9,131 Reputation points MVP
    2022-01-25T08:32:50.49+00:00

    Starting with 2103, BDE supports EHTTP. So as long as your clients are upgraded to 2103, you should be good. Another option is that you can configure co-management, move the EP workload to Intune, and manage BitLocker policies through Intune.


2 additional answers

  1. Jason Sandys 31,151 Reputation points Microsoft Employee
    2022-01-25T14:56:38.287+00:00

    Note that you do still need to supply a certificate in SQL Server to encrypt the BitLocker recovery information in the database.


  2. Jason Sandys 31,151 Reputation points Microsoft Employee
    2022-01-25T16:02:46.607+00:00

    > If I don't want to encrypt BitLocker recovery information, I don't want to create a certificate in SQL Server, right?

    Correct, although I'm not sure why you wouldn't want to do this.

    > If I did encrypt BitLocker recovery information in the databases, I would do this using a self-signed certificate using a script in SQL Server, without configuring PKI certificates, right?

    Correct. There is a way to use a PKI-issued cert but the ConfigMgr docs only include details on creating and using a self-signed cert.
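
The self-signed certificate discussed in the answers above can be created with T-SQL along the following lines. This is an added example, not code posted by anyone in this thread. The database name `CM_ABC`, the passwords, the backup paths and the expiry date are placeholders; the certificate name `BitLockerManagement_CERT` and the `RecoveryAndHardware*` roles are assumed to match what the Configuration Manager documentation uses, so confirm them against the docs for your site version.

```sql
-- Added example: placeholders are marked; run against the site database.
USE CM_ABC;  -- placeholder: your site database (CM_<sitecode>)

-- A database master key must exist before a certificate's private key
-- can be protected by it.
IF NOT EXISTS (SELECT name FROM sys.symmetric_keys
               WHERE name = '##MS_DatabaseMasterKey##')
BEGIN
    CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<placeholder-master-key-password>';
END

-- Create the self-signed certificate only if it is not already present.
IF NOT EXISTS (SELECT name FROM sys.certificates
               WHERE name = 'BitLockerManagement_CERT')
BEGIN
    CREATE CERTIFICATE BitLockerManagement_CERT
        AUTHORIZATION RecoveryAndHardwareCore
        WITH SUBJECT = 'BitLocker Management',
             EXPIRY_DATE = '20391022';  -- placeholder expiry date

    -- The recovery service roles need control of the certificate to
    -- encrypt and decrypt the stored recovery data.
    GRANT CONTROL ON CERTIFICATE::BitLockerManagement_CERT TO RecoveryAndHardwareRead;
    GRANT CONTROL ON CERTIFICATE::BitLockerManagement_CERT TO RecoveryAndHardwareWrite;
END

-- Back up the certificate and its private key. If the database is
-- restored elsewhere without this certificate, the encrypted recovery
-- information cannot be read.
BACKUP CERTIFICATE BitLockerManagement_CERT
    TO FILE = 'C:\Backup\BitLockerManagement_CERT.cer'           -- placeholder path
    WITH PRIVATE KEY (
        FILE = 'C:\Backup\BitLockerManagement_CERT_KEY.pvk',     -- placeholder path
        ENCRYPTION BY PASSWORD = '<placeholder-export-password>'
    );

-- Verify: the certificate exists, has a private key protected by the
-- master key, and has not expired.
SELECT name,
       subject,
       expiry_date,
       pvt_key_encryption_type_desc,
       CASE WHEN expiry_date > GETDATE() THEN 'valid' ELSE 'EXPIRED' END AS status
FROM sys.certificates
WHERE name = 'BitLockerManagement_CERT';
```

Store the exported `.cer`/`.pvk` files and the export password outside the SQL Server host, with access limited to the people who would perform a site database recovery.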