Endpoint Management
Migrate Bitlocker from MBAM to ConfigMgr
Last modified 6/26/2020
About
Use this guide to move your current MBAM configuration to Microsoft Endpoint Configuration Manager.
Overview
BitLocker in Configuration Manager requires that your existing MBAM configurations are removed, so the ConfigMgr client can take its place. In order to migrate, we need to do the following actions:
- You will need to unlink any of your GPOs that relate to Bitlocker & MBAM.
- Remove any current deployments of the MBAM client
- Start deploying a ConfigMgr BitLocker Policy
You do not need to uninstall the MBAM client from your devices. ConfigMgr can use the existing MBAM client.
You do NOT need to decrypt devices that are already encrypted.
Getting Started
Remove MBAM Group Policy Links
- Open the Group Policy Management Console and navigate to your where your MBAM GPO is being linked.
Example: Tech Solutions GPO is named "Endpoint Computer -MBAM"
- From the left pane, right-click on your policy, and select Delete.
- Confirm deletion.
- Continue this process until you remove all of the links of your MBAM GPO in your OUs.
Remove MBAM Client Deployments
- Open the Configuration Manager console and navigate to Software Library > Application Management > Applications.
- Select ISU MBAM 2.5.1147.0 (or our team's MBAM application) and then select Deployments in the bottom pane.
- In the list of deployments, right click on each of our deploys and select Delete.
- Continue this process untill all of them are removed.
Deploy ConfigMgr BitLocker Policy
Follow guide below on deploying a ConfigMgr BitLocker Policy.