Jump to content


Deepak Verma

BitLocker configuration in SCCM v2002

Recommended Posts

Team,

Did anybody tried Standalone Bitlocker configuration in SCCM 2002 . There are hardly any guide available on Internet.

Kindly share your thoughts & observations..

I am trying to configure in my Hyper V Lab  with Gen1 VM. Client did get the MBAM agent installed but the policy was not applied the way...it was configured into the console.

Thanks

Share this post


Link to post
Share on other sites

A Gen1 VM won't encrypt, as you can't add a Virtual TPM to Gen1 hyperv virtual machines. Use a Gen 2 VM instead and enable the virtual TPM.

if you follow my guides here you'll be fine, CM2002 just offers more possibilities including the ability to properly enforce encryption without the workaround i posted for CM1910

https://www.niallbrady.com/2019/11/13/want-to-learn-about-the-new-bitlocker-management-in-microsoft-endpoint-manager-configuration-manager/

if you run into an issue please let me know

Share this post


Link to post
Share on other sites

Hi,
I created a Gen 2 Hyper V  virtual machine with Windows 1o v1909 . 

Recreated the MBAM policy on my SCCM TP 2002 console.

MBAM agent was successfully installed.  But the Policy is not working just the way it was configured....

Also, to my surprise , even before Encryption starts , The Control Panel Applet shows as Bitlocker - Complaint.

Attached is the log file for reference.

Thanks

Capture.PNG

BitlockerManagement_GroupPolicyHandler.log

Share this post


Link to post
Share on other sites

all the configuration manager baseline is showing as compliant is the settings, this means it has set those settings (in the registry and local group policy) and therefore it has done it's job, that's why it's compliant, the actual encryption is carried out on demand by the MDOP agent based on the settings you've configured.

Is there a Virtual TPM in this virtual machine (look in device manager to confirm it's presence) ?

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.