![]() ![]() This profile will be used to encrypt new devices as well. Create and deploy an encryption profile to all devices to make sure we catch any decrypted devices.Deploy a PowerShell script using MEM to make all currently encrypted devices upload their Bitlocker recovery passwords.In this post we will use the device encryption report in MEM to find any decrypted devices that needs to be handled. (optional): Export Bitlocker data from Active Directory (AD).We will start by exporting data from the MBAM server to an Excel Spreadsheet. ![]() All encrypted devices are running Windows 10 with TPM 1.2 or above.Bitlocker recovery passwords are stored in “Microsoft Bitlocker and Monitoring Administration” (MBAM).Bitlocker settings are applied by using traditional AD “Group Policy Objects” (GPO).In this blog post divided into three parts we will look at how to move from traditional Bitlocker management to Microsoft EndPoint Manager (MEM).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |