If anyone has any suggestions I would appreciate your feedback and ideas. Getting started with MBAM 2.5 Before you start planning your MBAM deployment, review the following topics. I also looked at my OSD processes and I am not encrypting the drives as part of OSD because the current iteration of OSD only supports AD storage of recovery keys and not Config Manager storage (when is this going to be updated to support Config Manager?). Microsoft BitLocker Administration and Monitoring Deployment Guide Before you deploy MBAM to a production environment, we recommend that you validate your deployment plan in a test environment. I am going to have to go through all of these non-compliant computers and correct them but I would like to better understand how to avoid this issue in the first place. It appears that the computers with the issue are using a default encryption setting and then later they are receiving the policy and then reporting non-compliance. I discovered the issue when looking at reports of non-compliance and the impacted computers show non-compliance error 16 which corresponds to the incorrect cipher. Also, in some test cases I have manually decrypted the drives on the problem computers and let policy re-apply and the result is that the drives are encrypted using AES 256. Looking into the local computer policy it appears that the cipher settings are getting consumed from the Config Manager policy. Some of the client computers are still getting encrypted with AES 128 bit cipher strength and I don't understand why. We have deployed MDOP MBAM using Configuration Manager Branch Version and we developed Bitlocker Encryption policy that uses ASE 256 bit cipher strength. I am experiencing an issue with some computers in my organization.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |