We currently use MDOP/MBAM integrated with configmgr and we use Active Directory for key storage and it works great. We primarily use MBAM for encryption enforcement and compliance. I have the self-service and help desk recovery portal setup but I have never really had a use for it in our environment. The biggest catch is that MBAM is only compatible with Windows Enterprise Editions (link below).
A couple other things I ran into are (though it is entirely possible I was doing something wrong); 1) That it would not recognize more than one AD group for the "MBAM Advanced Helpdesk Users", "MBAM Helpdesk Users" or "MBAM Report Users" groups. 2) Changing the group members of those 3 groups in the local users and groups console had no effect. In order to change the groups (if I needed to) I had to go into IIS Navigate down to Sites>MBAM>HelpDesk>Application Settings and manually edit the values the fields for "HelpdeskAdminsGroupName" (MBAM Advanced Helpdesk Users), "HelpdeskUsersGroupName" (MBAM Helpdesk Users), and MbamReportUsersGroupName" (MBAM Report Users). Thanks, Uriah Patton Systems Administrator IUSM Department of Pediatrics "It gives patience, to listen to error without anger." -Gandalf From: [email protected] [mailto:[email protected]] On Behalf Of Heaton, Joseph@Wildlife Sent: Thursday, April 6, 2017 6:18 PM To: 'NT System Admin Issues Discussion list' <[email protected]> Subject: [NTSysADM] Bitlocker/MBAM We're looking to implement Bitlocker when we migrate to Windows 10. I'm starting research of MBAM, and how to best implement. Does anyone have real world experience/advice on whether to integrate with Config Mgr, or go with the standalone topology? For those that are using MBAM, are you saving the recovery data in SQL, or Active Directory? Any major gotchas to look out for? Joe Heaton Information Technology Operations Branch Data and Technology Division CA Department of Fish and Wildlife 1700 9th Street, 3rd Floor Sacramento, CA 95811 Desk: (916) 323-1284 Every Californian should conserve water. Find out how at: <http://saveourwater.com/> <http://saveourwater.com/> SaveOurWater.com . <http://drought.ca.gov/> Drought.CA.gov
smime.p7s
Description: S/MIME cryptographic signature
