MBAM on Azure

  • Question

  • We are about to create a task sequence for Windows 10 1903. The client wants to get rid of on-premises MBAM and wants to do MBAM via Azure. Can someone please advise on how to test/implement MBAM via Azure?
    Monday, September 2, 2019 4:40 AM

All replies

  • There's nothing special about this whatsoever. Azure IaaS for this scenario is simply another datacenter. As long as the clients have connectivity to the MBAM server, then everything will work (exactly the same as noted). Connectivity can be established using ExpressRoute or a site-to-site VPN.

    Note that there are some limited BitLocker key saving capabilities currently in Azure AD for Azure AD domain joined systems (although this has never been sufficient IMO and pales in comparison to the full key escrow capabilities in MBAM) and that Microsoft will be expanding those capabilities at some point to include full escrow (although that doesn't help you today).

    Here's a post announcing the direction: https://techcommunity.microsoft.com/t5/Enterprise-Mobility-Security/Microsoft-expands-BitLocker-management-capabilities-for-the/ba-p/544329


    Jason | https://home.configmgrftw.com | @jasonsandys

    Monday, September 2, 2019 12:22 PM
  • I think he wants to go from MBAM to Intune/MDM to manage BitLocker. I already explained it in the other thread.

    Remember that in SCCM 1910, MBAM is totally built-in.


    MCSE Mobility 2018. Expert on SCCM, Windows 10, ALOVPN, MBAM.


    • Edited by yannara Monday, September 2, 2019 7:24 PM
    Monday, September 2, 2019 7:24 PM
  • "I think he wants to go from MBAM to Intune/MDM to manage BitLocker."

    That's not what the OP wrote although I did address that as well.

    "other thread"

    What other thread?

    "Remember that in SCCM 1910, MBAM is totally built-in."

    That's not guaranteed. We're hopeful, but until they release it, we won't know for sure. Also, that's the whole point of the post I linked to.


    Jason | https://home.configmgrftw.com | @jasonsandys

    Monday, September 2, 2019 7:30 PM
  • https://social.technet.microsoft.com/Forums/en-US/c071e947-b38d-46ee-801d-d7e9149956ed/mbam-during-windows-10-osd?forum=ConfigMgrCBOSD

    MCSE Mobility 2018. Expert on SCCM, Windows 10, ALOVPN, MBAM.

    Monday, September 2, 2019 10:21 PM
  • Is there any article that can help me implement MBAM via Intune? A detailed document which can help me with the entire implementation. Would like to test it ASAP as we need to make the new image ready.
    Sunday, September 8, 2019 12:43 AM
  • First, there's no such thing as MBAM via Intune.

    Next, as noted, some basic BitLocker key management already exists in Intune and Azure AD today. A simple web search will get you many links including the following:

    - https://docs.microsoft.com/en-us/intune/endpoint-protection-windows-10#windows-encryption

    - https://blogs.technet.microsoft.com/showmewindows/2018/01/18/how-to-enable-bitlocker-and-escrow-the-keys-to-azure-ad-when-using-autopilot-for-standard-users/

    Finally, if you'd please read the article that I linked to, it indicates full MBAM equivalent capabilities are currently being engineered for Intune and don't exist today.


    Jason | https://home.configmgrftw.com | @jasonsandys

    Monday, September 9, 2019 2:12 PM