If you have moved the Endpoint Protection workload to Intune, then this will move BitLocker and Defender to Intune as well.
MEMCM Management of Bitlocker with Co-Management enabled
Good morning,
I am piloting MEMCM\Intune co-management for a group of hybrid-joined devices. We are also in the middle of migrating our MBAM management of some of these devices from a standalone infrastructure to MEMCM-integrated. For any machine that isn't in the Pilot group, the migration goes fine: I see the machine show up in the DB and it shows compliance status properly in the MEMCM reports. For any machine that is in the Pilot group, the Compliance Status Details show as "Policy is not enforced". If I look at the BitlockerManagementHandler.log on those clients, I see multiple entries of this type:
Security workload is not SCCM managed; ignoring policy.
We do have an Endpoint Management\Disk Encryption Policy configured, but I have removed the deployment to those machines, and yet the MEMCM Bitlocker policy will still not enforce.
Is MEMCM-integrated Bitlocker management supported for Co-managed devices and, if so, is there a specific workload that must not be Pilot-Intune assigned in order for the MEMCM policies to take effect?
Any help is welcome.
3 answers
John Biggston 111 Reputation points
2022-07-11T14:32:21.443+00:00
So MEMCM-integrated MBAM and Intune are incompatible? We're likely going to be staying with a hybrid Intune\MEMCM environment and would prefer to have Bitlocker managed by MEMCM. Is there no way to specifically exclude Bitlocker from the Endpoint workload?
-
Paul Winstanley 96 Reputation points
2022-07-12T22:41:07.103+00:00
No, this is not possible.