locked
MBAM reports gone after integrating to SCCM 1910 RRS feed

  • Question

  • Hi all,

    We have issues with the automatic encryption of MBAM from the client machines. We have an MBAM on-premise which is integrated with SCCM 1902 for the automatic deployment of agents, while the implementing of MBAM policy was through the GPO in AD

    Was told to upgrade the SCCM to 1910 and use the BitLocker Management feature to have automatic deploying of agents and encryption to client machines

    After upgrading and enabling SCCM 1910 BitLocker Management, we checked the MBAM reports from SCCM

    The number of encrypted machines was decreased from 4000+ to 74

    and also the number of machines with MBAM agents, from 7000+ to 200+ 

    Does anyone also encountered these?

    Appreciate any feedbacks. Thank you. 

     

    Tuesday, August 11, 2020 3:42 AM

All replies

  • Implementing BitLocker Management in ConfigMgr doesn't just take over for MBAM. It's more or less a reimplementation of MBAM within ConfigMgr including setting up policies and removing the existing GPOs so that the clients will report to ConfigMgr instead of your MBAM implementation. The reports are reflecting only those clients that are currently reporting their BitLocker info to the ConfigMgr instance as these reports have no insight into your MBAM implementation.

    Have you read through and implemented everything at https://docs.microsoft.com/en-us/mem/configmgr/protect/deploy-use/bitlocker/deploy-management-agent?

    Have you deployed BitLocker policies from ConfigMgr?

    Have you updated or (better yet) removed your GPOs for BitLocker and MBAM management?


    Jason | https://home.configmgrftw.com | @jasonsandys

    Tuesday, August 11, 2020 1:58 PM
  • Thank you for answering. :)

    Have you read through and implemented everything at https://docs.microsoft.com/en-us/mem/configmgr/protect/deploy-use/bitlocker/deploy-management-agent? Not yet implemented and I also checked on other guide that the recovery keys will be stored on the SCCM database, is there an option to point it to MBAM database?

    Have you deployed BitLocker policies from ConfigMgr? We haven't created nor deployed policies from BitLocker ConfigMgr, we did not continue because of the reports.

    Have you updated or (better yet) removed your GPOs for BitLocker and MBAM management? Not yet, removing the BitLocker GPO in AD what will happen to the current encrypted machines and their recovery keys?

    The reports are reflecting only those clients that are currently reporting their BitLocker info to the ConfigMgr instance as these reports have no insight into your MBAM implementation. From the current pandemic situation not all employees are reporting to the office an d most of the PC are turned off.

    Wednesday, August 12, 2020 1:18 AM
  • > is there an option to point it to MBAM database?

    Yes, keep using MBAM. The whole point of using ConfigMgr is to escrow the keys to ConfigMgr.

    As noted, the built-in reports are about clients managed by ConfigMgr.

    You may be able to re-import the reports for MBAM though into SSRS.


    Jason | https://home.configmgrftw.com | @jasonsandys

    Wednesday, August 12, 2020 5:36 PM