What to use as MBAM replacement?

  • Question

  • We use MBAM primarily as the repository for BitLocker recovery keys - a mechanism to securely store recovery keys and allow our support staff to recover keys in the event a BitLocker recovery event is triggered.  We are using Configmgr to collect and report on compliance information, but I think even that has an MBAM component that computes compliance information and stores it in WMI for Configmgr to collect.

    There is no interest in moving our AD services to Azure AD, and I imagine there are many organizations who are not ready to move their directory to the cloud.  

    I feel a bit like MS is pulling the rug out from under us.  I am curious to know what others are doing.  Do you think there will be a community derived solution to manage Bitlocker?  I was hoping that additional functionality to support enterprises would be added to Bitlocker and MBAM over time rather than ending the product.  I was especially hoping that bit locker MBAM and data loss prevention would grow to support a better Bitlocker exception strategy.  I think a lot of enterprise customers are using bit locker and it is disappointing that Microsoft is abandoning us in this way.

    Sunday, August 19, 2018 9:46 PM

All replies

  • I've just read that MBAM development will be ending in 2019, and the solution will be terminated in 2024 or so.

    I hate the idea that everything will be moved to the cloud... cloud cloud cloud. Time to start learning Linux maybe? :D

    In the field, I don't witness any massive movement to the Azure AD and Intune solution. Intune is handling BitLocker settings for cloud computers, but it has its own limits, so it does not provide all the capabilities that MBAM does provide today. Let's wait and see how things will be developed. Maybe I will start milking cows or something :D


    MCSE Mobility 2018. Expert on SCCM, Windows 10 and MBAM.

    Monday, August 20, 2018 6:29 AM
  • Just noticed this as well. Same feelings about pulling the rug. Even if we could move our customers to cloud (which we can't in the near future), it lacks many features of MBAM.
    Monday, August 20, 2018 8:22 AM
  • hi,

    can you share a link to this information ?

    /Oliver 

    Tuesday, August 21, 2018 6:17 AM
  • hi,

    can you share a link to this information ?

    /Oliver 

    https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises

    Enterprises can use Microsoft BitLocker Administration and Management (MBAM) to manage client computers with BitLocker that are domain-joined on-premises until mainstream support ends in July 2019 or they can receive extended support until July 2024.


    MCSE Mobility 2018. Expert on SCCM, Windows 10 and MBAM.

    Tuesday, August 21, 2018 7:06 AM
  • I have no access to MBAM, but I could live very well without it.

    We use scripts (deployable immediate tasks) to encrypt, save recovery keys to AD and monitor encrypted drives. All irregularities are simply screened by watching the output files (which could be automated as well). Self service for recovery keys is insecure (as users should not have access to recovery keys beforehand since these could be abused), so even this MBAM "goody" would not even be allowed here.


    Wednesday, August 22, 2018 10:19 PM
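A sketch of the monitoring and AD escrow steps described in the reply above, as an added example (it is not the poster's script and not Microsoft code). It assumes an elevated session on a domain-joined client with the built-in BitLocker module and a policy that permits recovery information backup to AD DS; the report path and the function name `Get-BitLockerFinding` are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: audit BitLocker state and escrow recovery passwords to on-prem AD.
$ReportPath = 'C:\ProgramData\BitLockerAudit\status.csv'   # hypothetical location

function Get-BitLockerFinding {
    param([Parameter(Mandatory)] $Volume)

    # Recovery password protectors are what support staff read back from AD.
    $recovery = @($Volume.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

    $issues = @()
    if ($Volume.VolumeStatus -ne 'FullyEncrypted') { $issues += "Status=$($Volume.VolumeStatus)" }
    if ($Volume.ProtectionStatus -ne 'On')         { $issues += 'ProtectionOff' }
    if ($recovery.Count -eq 0)                     { $issues += 'NoRecoveryPassword' }

    [pscustomobject]@{
        Computer   = $env:COMPUTERNAME
        MountPoint = $Volume.MountPoint
        Checked    = (Get-Date).ToString('s')
        Issues     = ($issues -join ';')
        Recovery   = $recovery
    }
}

$findings = foreach ($vol in Get-BitLockerVolume) {
    $f = Get-BitLockerFinding -Volume $vol
    $escrow = 'n/a'
    foreach ($kp in $f.Recovery) {
        try {
            # Writes the recovery password to the computer object in AD DS.
            Backup-BitLockerKeyProtector -MountPoint $vol.MountPoint `
                -KeyProtectorId $kp.KeyProtectorId -ErrorAction Stop | Out-Null
            $escrow = 'ok'
        } catch {
            $escrow = "failed: $($_.Exception.Message)"
            break
        }
    }
    # The report carries status only; the recovery password never goes to disk.
    $f | Select-Object Computer, MountPoint, Checked, Issues, @{n='AdEscrow'; e={$escrow}}
}

New-Item -ItemType Directory -Path (Split-Path $ReportPath) -Force | Out-Null
$findings | Export-Csv -Path $ReportPath -NoTypeInformation -Append
```

Rows with a non-empty `Issues` column or an `AdEscrow` value other than `ok` are the irregularities to screen for when the output files are collected.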
  • https://execmgr.net/2018/09/05/mbam-support-to-end-july-2019/amp/?__twitter_impression=true

    I've reached out to a TAM at MSFT, there's always the possibility that something will be said at Ignite this year.

    Thursday, September 6, 2018 2:32 PM
  • Guys, what are your future plans around this? Will you still stick with existing MBAM infra for a few years or doing something else, what? Does anyone hope/wait that MS will pull back this end of life announcement? Most important - has anyone one waterproof fact;
    What can you do with;
    - Bitlocker in MBAM
    - Bitlocker in AD
    - Bitlocker in Azure AD

    What you can't do in;
    - Bitlocker in MBAM
    - Bitlocker in AD
    - Bitlocker in Azure AD

    I just learned by surprise that you actually can change PIN code with user rights. Didn't know that because I was only in MBAM all these years.


    MCSE Mobility 2018. Expert on SCCM, Windows 10 and MBAM.

    Wednesday, September 26, 2018 10:07 AM
  • Heard from MS that they withdrew the end of life date. Still, MBAM will not be here forever.

    MCSE Mobility 2018. Expert on SCCM, Windows 10 and MBAM.

    Monday, October 15, 2018 5:30 PM
  • Hi Ronald,

    Can you share the scripts you have ?

    Thanks

    Monday, January 14, 2019 11:52 PM
  • Sure.

    I wrote this article in a German forum. Use browser translation features if need be. Scripts are included.

    https://administrator.de/wissen/bitlocker-verschl%C3%BCsselung-monitoring-mbam-392414.html

    Tuesday, January 15, 2019 7:26 AM
  • SCCM will in the future provide MBAM-like capabilities; the next version, probably 1906, will already have some or all MBAM capabilities.

    MCSE Mobility 2018. Expert on SCCM, Windows 10, ALOVPN, MBAM.

    • Proposed as answer by yannara Tuesday, June 18, 2019 7:41 PM
    • Unproposed as answer by yannara Thursday, September 5, 2019 6:29 AM
    Tuesday, June 18, 2019 7:41 PM
  • Again extended, to 2026 now: https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/New-extended-support-dates-for-MDOP-tools/ba-p/837312

    MCSE Mobility 2018. Expert on SCCM, Windows 10, ALOVPN, MBAM.

    Thursday, September 5, 2019 6:29 AM