Jump to content


mrbspace

New Members
  • Posts

    1
  • Joined

  • Last visited

Everything posted by mrbspace

  1. Hi All I have 2 questions which i need clarification on. as im working through the planning stage to migrate a standalone mbam solution into my sccm solution. 1) Am I right in thinking that if I want to set up a new server for the new mbam portals , the only requirement from sccm is that I install the management role on it. Once thats on i can then go ahead and install the mbam portals then https enable them. 2) This brings me onto question 2. As i was reading the Microsoft article (https://docs.microsoft.com/en-us/mem/configmgr/protect/deploy-use/bitlocker/encrypt-recovery-data-transit) it states Note If your site has more than one management point, enable HTTPS on all management points at the site with which a BitLocker-managed client could potentially communicate. If the HTTPS management point is unavailable, the client could fail over to an HTTP management point, and then fail to escrow its recovery key. This recommendation applies to both options: enable the management point for HTTPS, or enable the IIS website that hosts the recovery service on the management point. So does this mean every management point i need to install the recovery service on AND then enable the IIS website? (Is this done when you run the ps scripts to create the portals??) OR Just make sure i have at least more than one? Especially if im thinking a global solution? Last thing Im migrating the current solution which has bitlocker group policies so if i deployed the sccm bitlocker policy would there still be a conflict even if i matched the policies? The reason why i ask is i noticed on Nials excellent videos that the reporting server changed. So i was trying to work out which reporting server would win? The sccm one or the current mbam server. My thinking is: 1) turn off group policy and deploy the sccm policy (testing and tweaking in test before prod) so no conflict and machines are instantly covered by the new sccm policy 2) I have to do a phased approach - cant turn off the old policy as machines are unprotected. If i deploy the sccm policy will there issues with machines reporting to the reporting server (ie group policy overriding the sccm reporting server) 3) I have to do a phased approach - either move machines to a new ou (highly doubtful) or create security group which is excluded from current bitlocker policies and add machines in here which get the sccm policy applied. Any thoughts most appreciated
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.