Installing MBAM 2.0 with integration to SCCM 2012 and CAS

All replies

• 

  

  0

  Sign in to vote

  Steps:

  On CAS server, install the Reporting Point Service Role.

  On System Center Configuration Manager Primary Site Server:

  • Create or edit the sms_def.mof file and configuration.mof file required for MBAM 2.0 manually.
  • Run MBAM 2.0 Setup and under Topology, choose System Center Configuration Manager Integration.
  • Select the Feature “System Center Configuration Manager” and proceed for Pre-requisites check.
  • All Pre-requisites check must be passed and complete the installation successfully.

  On Standalone Server: - SQL Server.

  • Run MBAM 2.0 setup and choose Configuration Manager Integration.
  • Do not select System Center Configuration Manager feature.
  • Install the Recovery Database and Audit Database on the Database Server and reporting.

  On Standalone - Web Server.

  Run MBAM 2.0 setup and choose Configuration Manager Integration.

  • Select only the MBAM Admin and Monitoring Feature and Self Server Portal on the Web Server.

  ---

  Manoj Sehgal

  • Proposed as answer by manojsehgalMicrosoft employee Thursday, August 15, 2013 1:42 AM
  • Marked as answer by Polo_Y Thursday, September 5, 2013 5:42 PM

  Thursday, August 15, 2013 1:42 AM
• 

  

  0

  Sign in to vote

  Hi Manoj,

  Is there any difference while installing the rest of the MBAM features in the stand alone topology and installing the CM integration feature on SCCM Server?

  I have a stand alone MBAM environment. Now I want to integrate it with SCCM. Do we have to necessarily install web feature and the DB feature of MBAM with the "System Center Configuration Manager” topology. Or we can install the MBAM Features with stand alone topology and then we will install the CM integration features on the SCCM server in the "System Center Configuration Manager” topology.

  Will this work in the very same or do we have to follow the un-install approach then install the web features and DB features of MBAM in the "System Center Configuration Manager” topology?

  ---

  Gaurav Ranjan

  Friday, August 16, 2013 5:42 AM
• 

  

  0

  Sign in to vote

  you will need to uninstall MBAM 2 from standalone and install it using Config Mgr topology.

  ---

  Manoj Sehgal

  Friday, August 16, 2013 9:59 PM
• 

  

  0

  Sign in to vote

  Dear Manoj,

  Do I need to seperate MBAM 2.0 DB and Web server on different server or can I combine the two standalone into one which hosts everything except "System Center Configuration Manager" feature?

  In addition, will I need to setup and deployed the MBAM client package manually to the managed devices or is that automatic?

  Thursday, September 5, 2013 5:39 PM
• 

  

  0

  Sign in to vote

  You can install MBAM features in a Single Server Configuration and SCCM will be on another server.

  You can also deploy the MBAM Client automatically with the help of any Electronic Distribution System like SCCM or MDT. But make sure for SCCM integration, you will need to install the MBAM features in the SCCM integration topology instead of the stand alone.

  ---

  Gaurav Ranjan

  • Marked as answer by Polo_Y Wednesday, September 25, 2013 5:06 PM

  Friday, September 6, 2013 5:37 AM
• 

  

  0

  Sign in to vote

  Hi Manoj,

  I did not get any Configuration.MOF file on my primary site. however its on my CAS.If i edit this file on CAS then where do i import the sms_def.MOF file and where i will run the installer of MBAM, on CAS or primary site?

  my environment is SCCM 2012 R2 and MBAM 2.0 SP1.

  ---

  Thanks Chandan

  Friday, March 28, 2014 5:23 PM
• 

  

  0

  Sign in to vote

  For the integration, it is needed to perform the following steps:-

  - Append the MBAM Classes to the configuration.mof file on the CAS
  - Import the sms_def.mof file to the default client settings on the CAS.
  - Run the MBAM installer in SCCM integration topology to install the SCCM integration feature of MBAM on CAS.

  All of the settings implemented with the installation of the SCCM integration on the CAS will automatically be replicated to the primary site. Check the property of the default client settings on the primary site to verify the changes made to the default client settings on CAS.

   

  ---

  Gaurav Ranjan

  Monday, March 31, 2014 4:27 AM
• 

  

  0

  Sign in to vote

   

  At Ignite 2016, Tanner Slayton explained in his presentation "Deploy and Manage Bitlocker using MBAM"

  https://channel9.msdn.com/Events/Ignite/2016/BRK3100 https://www.youtube.com/watch?v=huSiZdLcyKk

  Staring 45 minutes into it, that YES you can (and should if you are in healthcare) install MBAM 2.5 in standalone mode, and then add the SCCM integration part so that you can do all of your administration and reporting from within the SCCM admin console without losing compliance data.  The benefit is that all of the compliance data will be for ever stored in the standalone MBAM database (not the SCCM database) and will not be deleted when the stale computer object in SCCM get purged out after 60-90 days-ish.  Maintaining the history of the compliance data, being able to prove that a stolen laptop was encrypted so that data at rest is protected is a healthcare business requirement, because HIPAA requires that all personally identifiable information (names, phone numbers, credit cards, healthcare records) be protected.  I recommend that Microsoft update their TechNet MDOP documentation and fully support and recommend this implementation.

  ...any other thoughts or comments from Microsoft staff???

  
  

  ---

  Regards, Kurt

  
  
  
  
  

  • Proposed as answer by KurtGP Friday, January 20, 2017 4:34 PM
  • Edited by KurtGP Friday, January 20, 2017 4:49 PM typeos

  Friday, January 20, 2017 4:33 PM