Bitlocker Administration with ConfigMgr 2002

Question

As per the new update in ConfigMgr 2002, we can do Bitlocker Administration with ConfigMgr Starting 1910

We have done fresh installation of ConfigMgr 2002 in the environment.

As per MS documentation ( https://video2.skills-academy.com/en-us/mem/configmgr/protect/plan-design/bitlocker-management#prerequisites )we do not need to make the entire ConfigMgr environment to HTTPS.

Starting CM 2002, HTTPS-enable the IIS website on the management point that hosts the recovery service. This option only applies to Configuration Manager version 2002.

Has anyone tried this way of doing the Bitlocker Management or it is recommended to configure the management point for HTTPS ( means entire SCCM environment to work on HTTPS - Servers and Clients )

Need 2 things :

Please send me a link which shows how to do in ConfigMgr 2002, only binding certificate to the IIS website of the MP without switching MP to work on HTTPS.
We would be ordering the certificate from GlobalSign ( Public Vendor ). Please send the details of certificate which we should be ordering ( Server Authentication Certificate )

Accepted Answer

you just need 1 cert and can be used for 3 virtual directories. you can follow this guide https://msendpointmgr.com/2020/04/02/goodbye-mbam-bitlocker-management-in-configuration-manager-part-1

Thanks,
Eswar

Answer

You dont need to convert the MP to https for the bitlocker service. As the guide says, if you are running http (self-signed) infra, you can get IIS binding configured with port 443 and enable the 3 virtual directories for SSL.
It works fine and have done this many times to customers.
You can refer this guide for more information https://msendpointmgr.com/2020/04/02/goodbye-mbam-bitlocker-management-in-configuration-manager-part-1/

Regards,
Eswar
www.eskonr.com
If the response is helpful, please click "Accept Answer" and upvote it.

Share via

Bitlocker Administration with ConfigMgr 2002

1 additional answer

Your answer