New breath for MBAM


If you are using MBAM (Microsoft BitLocker Administration and Monitoring) to manage Bitlocker on your fleet, you are not without having the support end in July 2019.

Until a few days its future was not certain and we mostly heard that Bitlocker would be managed via Intune, but those who only work with SCCM, he had no solution apart from turning to a third-party solution, such as Dell DDPE, McAfee FileVaut & Bitlocker or even SecureDoc.

But to everyone's surprise Microsoft has planned this:

  • 1. BitLocker management in the cloud with Microsoft Intune
  • 2. On-premises BitLocker management using System Center Configuration Manager (SCCM)
  • 3. Microsoft BitLocker Administration and Monitoring (MBAM)

Option 1 - Manage Bitlocker in the Cloud Using Microsoft Intune

Microsoft Intune Endpoint.png


  • Preparation and Compliance Reports
  • Granular configuration of Bitlocker
  • Compliance, leveraging Intune's compliance policies
  • Key recovery audit
  • Key recovery in self-service or via an administrator, possibility for the user to recover it in the Web, iOS, Android, Windows and macOS “Company portal” application.
  • Key Management (2019 Current)
  • Migration from MBAM to cloud management (2019 stream)

Option 2 - On-premises BitLocker management using SCCM

Source: Twitter


  • Provisioning
  • Prepare the Trusted Platform Module (TPM)
  • Setting the BitLocker configuration
  • encryption
  • Adoption of the policy / remediation on the device
  • The new user can set a PIN / password on TPM and non-TPM devices
  • Automatic unlocking
  • Support portal with audit
  • Key rotation
  • Compliance report

Option 3 - Microsoft BitLocker Administration and Monitoring (MBAM)

The product will enter extended support from July 2019 and will be supported until July 9, 2024 by Microsoft. Since that date no new features will be integrated. Because Microsoft is investing in modern approaches that simplify and streamline BitLocker management for the business. MBAM remains a supported management tool for customers who are not currently using Microsoft Intune or System Center Configuration Manager.

Complete information in English on this page.


Steven Bart

Founder of - Vevey, Switzerland. I have been in IT since 2001, I work as a Workplace Architect and mainly deal with the administration of MEMCM (SCCM), the mass deployment of workstations and applications. Learn more about me.

    2 thoughts on “New breath for MBAM"

    • I need to learn as much as possible about Option 2

      • Hi, actually, Bitlocker Management in SCCM it's not possible, according to the information found on the Internet, this should be available at the end of the year with SCCM 1910, and for testing in Preview this Summer. Stay tuned


    Leave a comment

    Your email address will not be published. Required fields are marked with *