Learn about Bitlocker Management in Microsoft Endpoint Configuration Manager version 1910 – part 8 Migration

[anyweb]

Introduction

In this video (linked at the bottom of this post) I show you how you can migrate existing MBAM managed clients to Configuration Manager using the new BitLocker Management feature that was released in Microsoft Endpoint Configuration Manager version 1910.

In order for this to work you’ll need an existing MBAM standalone server(s) that is managing one or more clients. The recovery keys (and associated data) will be stored on that MBAM server as defined by the Group Policy settings you’ve configured for MDOP.

Before the MBAM Migration scenario

The screenshot below shows the MBAM GPO which is linked to the MBAM Clients OU. From there MBAM managed clients get group policy telling them to report to the MBAM server and upload compliance data and recovery keys.

The Configuration Manager server is only used at this point to deploy the MBAM client agent to resources in the MBAM Clients collection (which has a membership query to look for resources in the MBAM Clients OU).

 

After the MBAM Migration scenario

In the below screenshot you can see the ConfigMgr database on the left, and the MBAM database on the right, the client that was managed by MBAM is now managed by ConfigMgr and the key and it’s associated data is migrated over to ConfigMgr.

When you migrate clients from MBAM to Bitlocker Management within Configuration Manager, the recovery key and more data will be migrated and automatically populated in ConfigMgr’s database without you needing to do anything other than pre-configure BitLocker Management policy and target the desired computers to be migrated with that policy.

As a rule, keep the settings in the MBAM GPO the same as in your ConfigMgr Bitlocker policy otherwise you may get conflicts and as a result, unexpected results.

The following links should help you get MBAM setup in a lab so you can practice the migration yourself.

• https://docs.microsoft.com/en-us/microsoft-desktop-optimization-pack/mbam-v25/evaluating-mbam-25-in-a-test-environment
• https://docs.microsoft.com/en-us/microsoft-desktop-optimization-pack/solutions/how-to-download-and-deploy-mdop-group-policy–admx–templates
• https://www.microsoft.com/en-us/download/details.aspx?id=55531

also to note that setting up MBAM from scratch is covered in a book i wrote here https://www.niallbrady.com/book/

This is part 8 from a 10 part video series on youtube.

• BitLocker management – Part 1 Initial setup
• BitLocker management – Part 2 Deploy portals
• BitLocker management – Part 3 Customize portals
• BitLocker management – Part 4 Force encryption with no user action
• BitLocker management – Part 5 key rotation
• BitLocker management – Part 6 Force decryption with no user action
• BitLocker management – Part 7 Reporting and compliance
• BitLocker management – Part 8 Migration
• BitLocker management – Part 9 Group Policy settings
• BitLocker management – Part 10 Troubleshooting

Take a look !