Jump to content


Damo

Migrate MBAM Bitlocker to Intune/Endpoint Manager During Upgrade

Recommended Posts

I am looking to get our clients to migrate from MBAM to Bitlocker on MEM Intune during an OS Upgrade deployed via SCCM, has anyone managed to do this successfully if so, any advice please im struggling with where to start?

 

Thank You

Share this post


Link to post
Share on other sites

so let me get this straight, you currently have an MBAM infrastructure to manage recovery keys etc of your BitLockered computers, and these computers have the SCCM client on them also, you want to deploy and os upgrade via sccm to get them into Intune, is that what you want ? do you mean co-managed (as in configmgr client is installed and Configmgr handles some workloads, intune handles the rest) ?

or do you want these devices/computers to be Intune only managed ? please explain....

Share this post


Link to post
Share on other sites

Apologies, for the delay, let me just explain what im trying to do and what I've done in preparation.

 

I've connected my SCCM instance to Intune and setup pilot Intune and offloaded some of the workloads for what i need to Intune.  I've targeted a collection for this and based it on a specific OS Version.  I have created policies in Intune to manage the Disk Encryption.  I've tested building PCs to 20H2 with a task sequence that wipes and configures them from scratch and they drop into the collection pick up the policy and the PCs happily encrypt via Intune great.

What im doing now is creating another task sequence that will in place upgrade my Windows 1809 clients to 20H2, the issue I have is im not sure what steps are needed during the migration regarding encryption on these clients, they currently are encrypted with on premise MBAM rules, the current 1809 clients aren't managed by Intune whatsoever.  I cant work out in my head and from reading guides quite how i can move the encryption to Intune, do they need unencrypting during the upgrade task sequence and the TPM cleared or is there a way to move them without these steps needed?  They are currently AES256 encrypted in MBAM and Intune policy is set to AES256 XTS.

 

Thanks

Edited by Damo

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...