question

GarimaDas-7413 avatar image
0 Votes"
GarimaDas-7413 asked Amandayou-MSFT answered

Move standalone MBAM to SCCM Integrated MBAM

Hi Experts,

We are trying to move Standalone MBAM Server to SCCM Integration Server. Could you please suggest how this could be done?

Thanks,
Garima

configuration-manager-general
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

@GarimaDas-7413
Thanks for all the bros to post their precious suggestions on the thread.

Any updates of the case? May I know the answers posted in the thread is helpful or not? Please let us know if you have any confuse or questions.

Looking forward for your updates.

Sincerely,
Rita

0 Votes 0 ·
EswarKoneti-MVP avatar image
2 Votes"
EswarKoneti-MVP answered

You cannot migrate the server components or anything from MBAM to ConfigMgr or integration as such. If you want to use the bitlocker function using native ConfigMgr, then you can follow the docs https://docs.microsoft.com/en-us/mem/configmgr/protect/deploy-use/bitlocker/deploy-management-agent to configure the bitlocker policy and start creating the policy to the collection. In short the following steps would do for you.

  1. Check if any GPO related to the MBAM created? if so, unlink it.

  2. Configure the bitlocker in ConfigMgr and deploy the bitlocker policy to the collection.

  3. You dont have to remove/uninstall the existing MBAM client from the devices, as Configmgr uses or update the client to the latest during the bitlocker policy deployment.

  4. On existing clients that are encrypted, once they receive the policy from Configmgr and if the encryption algorithm what is configured in ConfigMgr matches with drive encryption, client simply escrow the keys to Configmgr site. If any mismatch in the algorithm, device report as non-compliant and you will need to decrypt before device is follow configmgr policy to encrypt again.

  5. On newer clients, they will anyway follow the Configmgr policy for bitlocker.


Thanks,
Eswar
www.eskonr.com




5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

RahulJindal-2267 avatar image
1 Vote"
RahulJindal-2267 answered RahulJindal-2267 edited

++1 to @EswarKoneti-MVP 's response. Also, if your devices are co-managed, you can configure the Bitlocker policies in Intune instead. The keys will get backed up in AAD.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

kalyansundar-6796 avatar image
0 Votes"
kalyansundar-6796 answered
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Amandayou-MSFT avatar image
0 Votes"
Amandayou-MSFT answered

Hi,

Haven't heard from you for some time, is EswarKoneti-MVP's answer helpful to you? If it is helpful, please accept answer. It will make someone who has the similar issue easily find the answer.

If you have any other issues, please don't hesitate to let us know.

Thanks and have a nice day.



If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

https://docs.microsoft.com/en-us/answers/articles/67444/email-notifications.html

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.