11/1/2023 0 Comments Mbam windows 10![]() ![]() Right click “ RecoveryAndHardwareCore.Keys” and choose: “ Select Top 1000 Rows”.Navigate to: “ Databases” -> “ MBAM Recovery and Hardware” -> “ Tables” -> “ RecoveryAndHardwareCore.Keys”.On the MBAM SQL server open: “ SQL Management Studio”.Create RDP-session to the MBAM SQL server.This allows for us to have a backup in-case we need it after the MBAM servers have been shut down. If your current setup consists of an MBAM server it is a good idea to export all current MBAM data to an Excel spreadsheet. Note: Skip this step if your set up does not include MBAM. We will have a look at the admin and end-user experiences.We will look at the admin roles needed to get the Bitlocker recovery password from AAD/MEM.( Optional): In this post we will register an app to allow us to run Graph API queries to fetch Bitlocker recovery passwords. ![]() ![]() This profile will be used to encrypt new devices as well. Create and deploy an encryption profile to all devices to make sure we catch any decrypted devices.Deploy a PowerShell script using MEM to make all currently encrypted devices upload their Bitlocker recovery passwords.In this post we will use the device encryption report in MEM to find any decrypted devices that needs to be handled. (optional): Export Bitlocker data from Active Directory (AD).We will start by exporting data from the MBAM server to an Excel Spreadsheet.All encrypted devices are running Windows 10 with TPM 1.2 or above.Bitlocker recovery passwords are stored in “Microsoft Bitlocker and Monitoring Administration” (MBAM).Bitlocker settings are applied by using traditional AD “Group Policy Objects” (GPO).In this blog post divided into three parts we will look at how to move from traditional Bitlocker management to Microsoft EndPoint Manager (MEM). ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |