One feature I am really excited about that are coming to Configuration Manager is the Integration of he MBAM server features. This will save us time and money because we don’t have to use separate servers for MBAM. We don’t have to manage and update neither the MBAM client or the Server backend. I wrote a post on what is new in 1908 technical preview here: https://ccmexec.com/2019/09/sccm-integrated-mbam-services-in-technical-preview-180-2/
In 1909 TP we got more features basically we got the posibility to install both the Helpdesk portal and the self-service portal that is included in MBAM. This is great because then we have those features separate from the SCCM Admin console.
I had to try this out of course: Before I installed the portals I had to install the Prereq: ASP.NET MVC 4.0 (I actually forgot and had to go back and install it when the self-service portal didn’t load.)
To install it we need to copy the following files, mbamwebsite.cab, mbamwebsiteinstaller.ps1
I copied them from the ConfigMgr install Dir to a temp directory:
Before I run the PowerShell command I created the three groups neded:
Then I ran the following command line in my environment to setup both the portals in my SCCM Primary site server:
.\MBAMWebSiteInstaller.ps1 -SqlServerName CMTP5.intra.ccmexec.local -SqlDatabaseName CM_TPM -ReportWebServiceUrl https://cmtp5.intra.ccmexec.local/ReportServer -HelpdeskUsersGroupName intra\mbamhelpdesk -HelpdeskAdminsGroupName intra\mbamAdmins -MbamReportUsersGroupName intra\MBAmreports -SiteInstall Both
And it worked the first time!
The scripts created the websites, reports and sets the correct permissions. So if we look in IIS manager we have the new websites there:
Browsing to HTTPS://cmtp5.intra.ccmexec.local/Helpdesk and the helpdesk portal works as expected and looks exactly as it did in MBAM before.
The same goes for the Self-Service Portal.
I accept the user agreement and then I can request my recovery keys.
We have new reports as well, and after the fix that is documented here: https://docs.microsoft.com/sv-se/sccm/core/get-started/2019/technical-preview-1909#general-known-issues they worked as well.
This is great news! Now we just need to hold our fingers crossed that it will make it in the Configuration Manager 1910 release!
5 thoughts on “MBAM integration in Configuration Manager 1909 TP”
Whould this also mean that you could use this on customers who currently do not have access to MDOP?
There are no offical documentation yet, hopefully licensing will be announced when MBAM integrated ships in SCCM CB.
I am curious how this will work when tranisitioning from MBAM to ConfigMgr management. Do we know if the MBAM client must first be removed to begin ConfigMgr management of BitLocker? Or, can I migrate everyone to using ConfigMgr for BitLocker management and then uninstall the MBAM client?
have you already had a look on the TP 1910?
I have got it installed and when I create a new Policy, there are more Options now. For storing the Key-Package not in Plain-Text, I need to install a Bitlocker Management encryption certificate, but I can’t find any Information about it.
Do you have an Idea how to move on?