Customers not using Config Manager can utilize the built-in features of Azure AD and Microsoft Endpoint Manager Microsoft Intune (MEMMI) for administration and monitoring, see Monitor device encryption with Intune
I have thesame problem and there does not seem to be a clear answer here. I have hundredsof clients that have bitlockered successfully and register with MBAM but alsohave hundreds of machines that have encrypted and not checked in with MBAM.
Microsoft Bitlocker Administration And Monitoring Client Download
Download Zip: https://tinurli.com/2vJLN5
After a Workspace ONE Baseline is assigned/updated or a device completes enrollment, the Workspace ONE Intelligent Hub will download the Baseline from Workspace ONE. The Intelligent Hub will process the metadata and store this metadata under the following directory: %ProgramFiles(x86)%\Airwatch\AgentUI\Baseline. Before attempting to apply the Baseline, the Intelligent Hub will generate backups of the current policies on the device, which will be used for reverting the policies when the Baseline is removed. The Intelligent Hub along with other clients on the device process the metadata and apply all of the policies. Please note that although policies are applied, some policies require a device reboot to fully apply. Therefore, policy compliance is sent back to Workspace ONE after a device reboot.
I see the bitlocker management policy in Config Manager. When I click Evaulate it goes through. However, the MBAM client is not installing by itself. It used to be seamless once the policy is pushed. I don't see the FVE\MDOPBitlockerManagement in registry, don't see MDOP/MBAM in programs and features, there is also no BitlockerManagement_GroupPolicyHandler.log. So it seems like the policy was pushed down but then there is a disconnect somewhere.
After following this guide I was able to update my environment to ConfigMgr 2010 with the Hotfix KB and everything thing appears to be function as before with the exception of my Window Updates for client deployments. They never download on the clients
The first time users log in to an application protected by the web-based Duo Universal Prompt or traditional Duo Prompt with the Device Health application policy set to require the app, Duo prompts them to download and install the Duo Device Health application. After installing the Device Health application, Duo blocks access to applications through the Duo browser-based authentication prompt (when displayed in a browser or in a supported thick client's embedded browser) if the device is unhealthy based on the Duo policy definition and informs the user of the reason for denying the authentication.
Note that if your users find that the download button isn't functional, they may be authenticating from a non-browser client application (like Outlook), or the page displaying the Duo prompt prevents the download. If this is the case, suggest the users try a different Duo-protected application without those limitations, or distribute the app directly to your users via emailed download links or managed deployment.
If you'd like to notify your users of the new Device Health application requirement and give them the chance to install the application ahead of time, you can send these client download links to your users: 2ff7e9595c
Commentaires