Since Group Policy is not applied during a SCCM Task Sequence, it’s important to tread carefully to ensure the policies and MBAM client are installed correctly when installing MBAM during an OSD process so you can keep your deployment smooth and error free. But MBAM Encryption is controlled by Group Policy. While MBAM can update its recovery data store when the agent is installed on a system that is already encrypted, it is preferable to have MBAM control the encryption process. If you read our previous post about Bitlocker, you will recall that BitLocker creates recovery information at the time of encryption and MBAM clients store that information in the recovery data store.
MBAM 2.0 may provide a richer experience for the SCCM admin. Because of customer demand, MBAM 2.0, has enabled MBAM management experiences, such as compliance reporting and hardware management, within the SCCM management console. The latter requirement consequently meant that MBAM could not take a dependency on System Center Configuration Manager (SCCM), so management tasks – like compliance reporting of BitLocker protected devices – would need to occur in another console. Microsoft’s strategy for MBAM 1.0 was to deliver a product that could scale to the largest size organizations, require the least amount of infrastructure, and could be run in any organization. Before I go into that fully, it should be mentioned that MBAM 2.0 has been released in Beta. In this article I’d like to discuss utilizing MBAM Based encryption from a Task Sequence from MDT, which can also be used in SCCM deployments.
0 kommentar(er)
