We don't use Config Mgr in our environment but use MDT instead for deployment. There is a MBAM client that we install during the Task Sequences as well as a hotfix in order for clients to check in and for reports to run correctly. We chose to escrow keys into SQL and during the MBAM server install there are different AD groups you create for RW/RO to different databases such as Recovery/Compliance/Audit (it's been a year or 2 since I've deployed / upgraded). No real gotchas - in fact it's much easier with a clean standalone install versus and upgrade where you would have to sometimes uninstall MBAM roles/services.
I would say to review the MBAM ADM template as you'll want to deploy settings via GPO such as strength of Bitlocker encryption / how often for machines to checkin and a myriad of other settings. The main key is to setup the permissions correctly for the AD Groups with regarding access to the MBAM databases. https://technet.microsoft.com/en-us/itpro/mdop/mbam-v25/how-to-configure-the-mbam-25-databases I used this link in the past: https://kevinwanko.wordpress.com/2012/06/16/mbam-step-by-step-bitlocker-administration-and-monitoring/ Thank you, Ray [cid:9FE8CE67-4431-44CD-970D-6A632819929E] Raymond Peng Systems Engineer / IT Operations Direct: 650-577-5399 Email: raymond.p...@wageworks.com<mailto:raymond.p...@wageworks.com> From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On Behalf Of Heaton, Joseph@Wildlife Sent: Thursday, April 06, 2017 3:18 PM To: 'NT System Admin Issues Discussion list' <ntsysadm@lists.myitforum.com> Subject: [NTSysADM] Bitlocker/MBAM We're looking to implement Bitlocker when we migrate to Windows 10. I'm starting research of MBAM, and how to best implement. Does anyone have real world experience/advice on whether to integrate with Config Mgr, or go with the standalone topology? For those that are using MBAM, are you saving the recovery data in SQL, or Active Directory? Any major gotchas to look out for? Joe Heaton Information Technology Operations Branch Data and Technology Division CA Department of Fish and Wildlife 1700 9th Street, 3rd Floor Sacramento, CA 95811 Desk: (916) 323-1284 Every Californian should conserve water. Find out how at: [SaveOurWater_Logo]<https://urldefense.proofpoint.com/v2/url?u=http-3A__saveourwater.com_&d=DwMFAg&c=w9CZ9mC6OBWt9gnv7A4za6QbJkLPbwMyIcSTDqPvWdQ&r=Um-EfZ8XPPNvrJRyt3QkeGfUn_yAbG573Lgo62VFbJk&m=mXvpnPkwIp_ZQl-mQU2SR9wmqOw2oCzyBEXPED6F3UU&s=clsNnAMf4TfY0wcuaxsv_UrnHX70U8ZyySRzHnLJfQs&e=> SaveOurWater.com<https://urldefense.proofpoint.com/v2/url?u=http-3A__saveourwater.com_&d=DwMFAg&c=w9CZ9mC6OBWt9gnv7A4za6QbJkLPbwMyIcSTDqPvWdQ&r=Um-EfZ8XPPNvrJRyt3QkeGfUn_yAbG573Lgo62VFbJk&m=mXvpnPkwIp_ZQl-mQU2SR9wmqOw2oCzyBEXPED6F3UU&s=clsNnAMf4TfY0wcuaxsv_UrnHX70U8ZyySRzHnLJfQs&e=> * Drought.CA.gov<https://urldefense.proofpoint.com/v2/url?u=http-3A__drought.ca.gov_&d=DwMFAg&c=w9CZ9mC6OBWt9gnv7A4za6QbJkLPbwMyIcSTDqPvWdQ&r=Um-EfZ8XPPNvrJRyt3QkeGfUn_yAbG573Lgo62VFbJk&m=mXvpnPkwIp_ZQl-mQU2SR9wmqOw2oCzyBEXPED6F3UU&s=_zQ6N9AyO4vmoS1uv0y7pRv6Hay5xEZRkLbpr3927Cw&e=>
