BitLocker Management, also known previously as Microsoft BitLocker Administration and Monitoring(MBAM), has been around MECM for a little while now. Whether a move from an old stand-alone MBAM server, hosted on a Windows Server 2012 R2 for example, or simply a wish to go the extra mile compared to BitLocker with AD backup, it is still a good idea up to today to implement it. In this blog post, we will configure SCCM MBAM Integration with SCCM with detailed steps. SCCM MBAM Integration Prerequisites For more details on the prerequisites, see Microsoft Docs. Create BitLocker Management in SCCM For more details on Creating the BitLockerment Management policy, see Microsoft Docs Configure the BitLocker management web portals There are 2 portals that can be installed in support of BitLocker Management. Helpdesk Portal, is made for IT folks to request the recovery key after an end-user has an issue and the Self-Service … Read More
How to fix SCCM Bitlocker prompt for fixed drives
This blog post describes how to fix SCCM Bitlocker prompt for fixed drives when integrated the MBAM features with Configuration Manager. Introduction Starting with Configuration Manager 1910 onwards, Bitlocker features that were available in MBAM are now fully integrated into ConfigMgr and allows you to manage the Bitlocker drive encryption (BDE) for your windows clients without requiring any additional tools. From Configuration Manager 2002 onwards, the Bitlocker management feature is no more a pre-release feature. The Bitlocker functionalities that exist in Configuration Manager 1910 onwards, only supports the clients that are on-prem and joined to Active Directory ONLY. You will not be able to use the Bitlocker features for clients that are Azure Active Directory-joined, workgroup clients, or clients in untrusted domains. The clients that are not on-prem domain joined, will not be able to authenticate with the recovery service to escrow keys. For more information on how to set … Read More
Windows 10 Intune and Autopilot Customization
With the latest updates Microsoft released to Intune and Autopilot, it is becoming more realistic to leave the task sequence behind in favour of using Autopilot with Intune to deliver the computer standards required by an enterprise. While it will not be possible for all scenarios, a standard PC used for administrative tasks can be delivered with many, if not all, of the required windows 10 intune autopilot customization. While many of our previous Windows 10 Customization tricks are still gonna be useful, the delivery will be different from simply running various scripts from a Task Sequence. In this post, we will go over multiple Windows 10 customization all done with Intune in order to leverage Windows Autopilot. The ultimate goal is to be able to replicate a standard deployment made with a Task sequence from SCCM or MDT This post is part of a series on Windows Autopilot that … Read More
How to use the Windows 10 Security baseline
Microsoft has been releasing Security baseline since the Windows XP days. Windows 10 is no exception to this, except now there’s a new release of security baseline following each major build of Windows 10. The concept of the Security Baseline is to provide Microsoft guidance for IT administrators on how to secure the operating system, by using GPOs, in the following areas : Computer security User security Internet Explorer BitLocker Credential Guard Windows Defender Antivirus Domain Security Implementing the security baseline in GPOs is not a complex or long task. The challenge that the security baseline provide is that it will expose areas of the environment that are not secure. This means that to follow all Microsoft security guidelines, it would be required to fix many other systems outside of Windows 10 to achieve this. In this post, we will describe what is the Security baseline, how to use them … Read More