Microsoft
Microsoftalso looking forward to a well-documented migration path from MBAM 2.x to SCCM.
We can't use intune, and are also concerned with historical data, not just for non-repudiation, but also data recovery. if someone sticks their encrypted laptop in a drawer or safe or whatever and it falls out of SCCM, how do we then access the data if they forget their PIN? currently we can go to the MBAM website and recover, or in some cases the database will have the key even when the site says no recovery key found, even if the device has been offline for 3 or 4 years.
It doesn't happen often, but hopefully we won't need to restore our SCCM database just to recover a key or device encryption report. Some sort of historical record would be nice. Maybe start when the device shows up in SCCM, and a new entry for each time the status changes (encrypt/unencrypt/suspend/resume/etc)
