This blog post describes how to fix the SCCM BitLocker prompt for fixed drives when the MBAM features are integrated with Configuration Manager.

Starting with Configuration Manager 1910, the BitLocker features that were available in MBAM are fully integrated into ConfigMgr, which allows you to manage BitLocker drive encryption (BDE) for your Windows clients without requiring any additional tools. From Configuration Manager 2002 onwards, the BitLocker management feature is no longer a pre-release feature.

The BitLocker functionality that exists in Configuration Manager 1910 onwards supports only clients that are on-premises and joined to Active Directory. You will not be able to use the BitLocker features for clients that are Azure Active Directory-joined, workgroup clients, or clients in untrusted domains. Clients that are not on-premises domain-joined will not be able to authenticate with the recovery service to escrow keys. For more information on how to set up BitLocker and deploy the policies, please refer to the Microsoft Documentation.

For deployment and configuration of BitLocker management using Configuration Manager, please refer to the Microsoft Documentation.

I was recently working with a customer who wants to implement BitLocker management using Configuration Manager 2002, which helps eliminate the need to store the keys in AD. Just to give some information on the SCCM infrastructure, the customer was using the ConfigMgr 2002 build with eHTTP and self-signed certs. The Cloud Management Gateway was using a public cert (DigiCert). Clients were using token-based authentication for CMG.

The BitLocker policy helps you configure the drive encryption policy for the OS drive and fixed drives. Since the customer has a mix of devices with fixed drives, the policy should contain the BitLocker settings for both the OS drive and fixed drives. When you create a policy with OS drive encryption and deploy it, the BDE process is seamless: there is no UI prompt to the user, and it just works fine. There are many options for you to choose from when a fixed drive is present, and this is where I had the problem with the end-user experience.

So as part of the BDE for fixed drives, I have the following settings configured.

Figure: BitLocker setting for Fixed Drive