Endpoint Management

Migrate Bitlocker from MBAM to ConfigMgr

Last modified 6/26/2020

About

Use this guide to move your current MBAM configuration to Microsoft Endpoint Configuration Manager.  

Overview

BitLocker in Configuration Manager requires that your existing MBAM configurations are removed, so the ConfigMgr client can take its place. In order to migrate, we need to do the following actions:

  • You will need to unlink any of your GPOs that relate to Bitlocker & MBAM.
  • Remove any current deployments of the MBAM client
  • Start deploying a ConfigMgr BitLocker Policy

You do not need to uninstall the MBAM client from your devices. ConfigMgr can use the existing MBAM client.

You do NOT need to decrypt devices that are already encrypted.

Getting Started

  1. Open the Group Policy Management Console and navigate to your where your MBAM GPO is being linked.
    Example: Tech Solutions GPO is named "Endpoint Computer -MBAM"



  2. From the left pane, right-click on your policy, and select Delete.



  3. Confirm deletion.



  4. Continue this process until you remove all of the links of your MBAM GPO in your OUs.

Remove MBAM Client Deployments

  1. Open the Configuration Manager console and navigate to Software Library > Application Management > Applications.



  2. Select ISU MBAM 2.5.1147.0 (or our team's MBAM application) and then select Deployments in the bottom pane.



  3. In the list of deployments, right click on each of our deploys and select Delete.



  4. Continue this process untill all of them are removed.

Deploy ConfigMgr BitLocker Policy

Follow guide below on deploying a ConfigMgr BitLocker Policy.

Deploying a BitLocker Policy using Configuration Manager