Is it possible to move laptops encrypted with Bitlocker over to link with MBAM 2.5

Our laptops are encrypted with Bitlocker on an individual basis. Recently set up MBAM 2.5 on a server and got it functioning. Is there a way to move the Bitlocker systems over so they can be monitored by the MBAM admin server?
bostonianAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

David Johnson, CD, MVPOwnerCommented:
f a machine is already BitLocker-encrypted before the MBAM client is installed, then when the MBAM client is installed, the recovery key is extracted from the machine’s local store and sent to the MBAM SQL Server database.  It cannot be pulled from AD http://bit.ly/1Cpc8kc
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
btanExec ConsultantCommented:
You need to deploy the MBAM agent onto the workstation either using your Enterprise central push down via SCCM (if you have) or using AD for the installer package (32-bit or 64-bit MbamClientSetup.exe files, or the 32-bit or 64-bit MBAMClient.msi files, which are provided with the MBAM software)  to be deploy into the bitlocker workstation.

Importantly, good to check the pre-req for the client and server supported first before setting the GPO and deploying the agent etc .. First off is to get the MBAM GPO template into the machine with GPMC - do check out the references for more information.

One point to note is that when the MBAM agent is deployed to clients, it will in common enables a user- or policy-initiated encryption of the local volumes using BitLocker and stores the recovery key in the MBAM SQL Server database for easy lookup by the user or the Help desk. However, in your case, since the machine is already BitLocker-encrypted before the MBAM client is installed, then when the MBAM client is installed, the recovery key will be extracted from the machine’s local store and sent to the MBAM SQL Server database.

So to ensure the MBAM backend console get in sync with client status, there is a sync timer involved and do see this suggestion
There is a 24 hr check delay when you make a machine as compatible from MBAM console.
To do remove the timer, delete the below 2 keys.
1-HKLM\software\microsoft\MBAM\HWExemptionTimer
2-HKLM\software\microsoft\MBAM\HWExemptionType
3-Restart the MBAM agent: (BitLocker management client service)
https://social.technet.microsoft.com/Forums/windows/en-US/c12d96de-d66b-4945-8d27-218e4a0346bf/how-to-manage-bitlocker-through-mbam-of-already-encrypted-machine?forum=w7itprosecurity

Overall, in your case, do note this to as check points to make sure you see as you deploy them
-MBAM agent installed on windows 7 client will push the recovery keys to MBAM SQL database.
-Reports will show compliance status based on GPO configured for MBAM.
-If your volume is encrypted with bitlocker, but MBAM GPO are not configured the your machine status will be non-compliant.
-To get a compliant machine status, you need to enable GPO for MBAM under operating system drive to enabled.
https://social.technet.microsoft.com/Forums/windows/en-US/6316aab0-c823-4d03-a697-7933ebf1e1fa/bitlocker-administration-and-monitoring-mbam-and-clients-that-are-already-encrypted?forum=mdopmbam

Main reference guidance which is good to run through (really)
-Prerequisites for MBAM 2.5 Clients - https://technet.microsoft.com/en-us/library/dn645378.aspx
-Deploying the MBAM 2.5 Client - https://technet.microsoft.com/en-us/library/dn656925.aspx
-Planning for MBAM 2.5 Group Policy Requirements - https://technet.microsoft.com/en-us/library/dn645338.aspx
-Overall MBAM 2.5 Planning Checklist - https://technet.microsoft.com/en-us/library/dn645385.aspx
0
bostonianAuthor Commented:
Thank you, great links
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Applications

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.