Create and Configure BitLocker Management in Configuration Manager
This is my first blog post, and sorry if it's not fancy, but I want to share what one of my clients asked me to implement for them. They were managing BitLocker via AD.
As many of you are aware, Microsoft stopped developing MBAM, so many companies started managing their BitLocker via SCCM or Intune.
Today in this short post I will discuss how to set up, configure, deploy, and test BitLocker management in SCCM; hopefully this will help. I will do the Intune version later.
- You will need to create three different security groups in AD (one for helpdesk users, one for helpdesk admins, and one for report users) and then add the right users and admins to each one. The group names depend on each company and how they like them to be.
- On the SQL server you have to create, back up, restore, and verify the BitLocker management encryption certificate, which protects the recovery data stored in the site database. Make sure you have the "sysadmin" role on the SQL server to do that.
- Create both the admin and user portals by running the script "MBAMWebSiteInstaller.ps1" together with the cab file "MBAMWebSite.cab"; both can be found in SMSSETUP\BIN\X64 on the site server. Make sure to replace every placeholder in the command line to match your environment:
  .\MBAMWebSiteInstaller.ps1 -SqlServerName <ServerName> -SqlInstanceName <InstanceName> -SqlDatabaseName <DatabaseName> -ReportWebServiceUrl <ReportWebServiceUrl> -HelpdeskUsersGroupName <DomainUserGroup> -HelpdeskAdminsGroupName <DomainUserGroup> -MbamReportUsersGroupName <DomainUserGroup> -SiteInstall Both
- You can check that both portals were created by looking in IIS.
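The four steps above as one added PowerShell script. This is an example written for this post; it is not code from the original post, from Microsoft, or from MBAMWebSiteInstaller.ps1 itself. Every value marked "placeholder" is an assumption about your environment, as are the IIS application names SelfService and HelpDesk, the DOMAIN\Group format for the group parameters, and the certificate name RecoveryAndHardwareCore, which follows the Microsoft documentation linked at the end of this post and should be checked there for your version.

```powershell
# Added example, not code from the original post or from Microsoft.
# Assumptions: RSAT ActiveDirectory, SqlServer and WebAdministration modules are installed,
# the account running this can create AD groups, is sysadmin on SQL, and is local admin on
# the IIS host. Everything marked "placeholder" must be changed for your environment.
#Requires -RunAsAdministrator
Import-Module ActiveDirectory      # RSAT AD module (assumption)
Import-Module SqlServer            # provides Invoke-Sqlcmd (assumption)
Import-Module WebAdministration    # provides Get-WebApplication (assumption)

$SqlServer   = 'SQL01.contoso.local'                       # placeholder
$SqlInstance = ''                                           # placeholder; '' = default instance
$Database    = 'CM_PS1'                                     # placeholder site database
$BackupDir   = 'D:\CertBackup'                              # placeholder; path as seen by the SQL service
$Domain      = 'CONTOSO'                                    # placeholder NetBIOS domain
$GroupOU     = 'OU=Security Groups,DC=contoso,DC=local'    # placeholder
$SiteBin     = 'C:\Program Files\Microsoft Configuration Manager\cd.latest\SMSSETUP\BIN\X64'  # placeholder
$ReportUrl   = 'https://ssrs01.contoso.local/ReportServer' # placeholder
$WebHost     = 'cmweb01.contoso.local'                      # placeholder; must match the HTTPS binding
$CertName    = 'RecoveryAndHardwareCore'                    # name used in the Microsoft docs linked below

$Groups = @{                                               # placeholder names; naming is up to you
    HelpdeskUsers  = 'SG-BitLocker-HelpdeskUsers'
    HelpdeskAdmins = 'SG-BitLocker-HelpdeskAdmins'
    ReportUsers    = 'SG-BitLocker-ReportUsers'
}

# Step 1: create the three security groups if they do not exist yet.
foreach ($name in $Groups.Values) {
    if (-not (Get-ADGroup -Filter "Name -eq '$name'")) {
        New-ADGroup -Name $name -GroupScope Global -GroupCategory Security -Path $GroupOU
    }
}

# Step 2: create, back up and verify the encryption certificate (needs sysadmin).
$Instance = if ($SqlInstance) { "$SqlServer\$SqlInstance" } else { $SqlServer }
# Passwords are prompted, never stored in the script; single quotes are doubled for T-SQL.
$MkPwd  = [System.Net.NetworkCredential]::new('', (Read-Host -AsSecureString 'Master key password')).Password -replace "'", "''"
$PvkPwd = [System.Net.NetworkCredential]::new('', (Read-Host -AsSecureString 'Private key backup password')).Password -replace "'", "''"

$CreateSql = @"
IF NOT EXISTS (SELECT 1 FROM sys.symmetric_keys WHERE name = '##MS_DatabaseMasterKey##')
    CREATE MASTER KEY ENCRYPTION BY PASSWORD = '$MkPwd';
IF NOT EXISTS (SELECT 1 FROM sys.certificates WHERE name = '$CertName')
    CREATE CERTIFICATE $CertName WITH SUBJECT = 'BitLocker Management recovery data encryption';
"@
Invoke-Sqlcmd -ServerInstance $Instance -Database $Database -Query $CreateSql

# BACKUP CERTIFICATE writes on the SQL Server host, so $BackupDir must exist there
# and must be locked down: the .pvk plus its password can decrypt every recovery key.
$BackupSql = @"
BACKUP CERTIFICATE $CertName TO FILE = '$BackupDir\$CertName.cer'
    WITH PRIVATE KEY (FILE = '$BackupDir\$CertName.pvk', ENCRYPTION BY PASSWORD = '$PvkPwd');
"@
Invoke-Sqlcmd -ServerInstance $Instance -Database $Database -Query $BackupSql

# Restore (for a rebuilt or second SQL server) is the reverse; a function here, not run by default.
function Restore-BitLockerCert {
    param([string]$TargetInstance, [string]$TargetDb, [string]$Dir, [string]$Pwd)
    $sql = @"
CREATE CERTIFICATE $CertName FROM FILE = '$Dir\$CertName.cer'
    WITH PRIVATE KEY (FILE = '$Dir\$CertName.pvk', DECRYPTION BY PASSWORD = '$Pwd');
"@
    Invoke-Sqlcmd -ServerInstance $TargetInstance -Database $TargetDb -Query $sql
}

# Verify the certificate exists in the site database and has not expired.
$Cert = Invoke-Sqlcmd -ServerInstance $Instance -Database $Database `
    -Query "SELECT name, expiry_date FROM sys.certificates WHERE name = '$CertName'"
if (-not $Cert) { throw "Certificate $CertName not found in $Database" }
if ($Cert.expiry_date -lt (Get-Date)) { throw "Certificate $CertName has expired" }
"Certificate $($Cert.name) OK, expires $($Cert.expiry_date)"

# Step 3: install both portals; MBAMWebSite.cab must sit next to the installer script.
$InstallArgs = @{
    SqlServerName            = $SqlServer
    SqlDatabaseName          = $Database
    ReportWebServiceUrl      = $ReportUrl
    HelpdeskUsersGroupName   = "$Domain\$($Groups.HelpdeskUsers)"     # DOMAIN\Group format is an assumption
    HelpdeskAdminsGroupName  = "$Domain\$($Groups.HelpdeskAdmins)"
    MbamReportUsersGroupName = "$Domain\$($Groups.ReportUsers)"
    SiteInstall              = 'Both'
}
if ($SqlInstance) { $InstallArgs.SqlInstanceName = $SqlInstance }
& (Join-Path $SiteBin 'MBAMWebSiteInstaller.ps1') @InstallArgs

# Step 4: confirm the two IIS applications exist and answer over HTTPS (app names are assumptions).
$Apps = Get-WebApplication -Site 'Default Web Site' | Where-Object { $_.path -match '^/(SelfService|HelpDesk)$' }
if (@($Apps).Count -ne 2) { throw "Expected SelfService and HelpDesk under Default Web Site, found: $($Apps.path -join ', ')" }
foreach ($Url in "https://$WebHost/SelfService", "https://$WebHost/HelpDesk") {
    try   { $r = Invoke-WebRequest -Uri $Url -UseDefaultCredentials -UseBasicParsing; "$Url -> HTTP $($r.StatusCode)" }
    catch { "$Url -> $($_.Exception.Message)" }
}
```

Run it on the web server that will host the portals, with an account that is sysadmin on the SQL instance and allowed to create groups in the target OU. The backup step is the one to be careful with: the .cer/.pvk pair and its password are enough to restore the certificate on any SQL server, so keep them off the web server and out of any script repository.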
Now that both are installed you can navigate to the URL of each portal. The self-service portal looks like the screenshot below:
- The admin portal looks like this:
- https://learn.microsoft.com/en-us/mem/configmgr/protect/deploy-use/bitlocker/setup-websites
- https://learn.microsoft.com/en-us/mem/configmgr/protect/deploy-use/bitlocker/encrypt-recovery-data
- https://learn.microsoft.com/en-us/mem/configmgr/protect/deploy-use/bitlocker/helpdesk-portal