Windows Office Hours: September 22, 2022
Event Ended
Thursday, Sep 22, 2022, 08:00 AM PDT
Get answers to your questions about managing the Windows devices used by remote, onsite, and hybrid workers across your organization, and keeping those devices up to date effectively! Get tips on rol...
Heather_Poulsen
Updated Sep 20, 2022
Eugenius27
Sep 22, 2022 Copper Contributor
Windows 11 HAAD joined managed just with Intune and Windows 10 HAAD joined and co-managed with MECM and MBAM server. Can BitLocker work on them without creating any conflicts, without migrating from MBAM server to MECM for BitLocker on Windows 10?
- Jason_Sandys Sep 22, 2022
Microsoft
If I understand correctly what you are asking, yes, although for clarity, what's your intent for managing BitLocker on each set of devices? Intune only? Keep in mind that Intune and MBAM are two different ways of managing BitLocker. MBAM uses an agent and escrows recovery keys to a separate MBAM database, while Intune does not use an agent and saves RKs to either AD or AAD (or both) depending on the domain join state of the device. Both MBAM and Intune configure the same settings on a device, though, as far as BitLocker is concerned. Conflicts arise when you attempt to manage the same settings from two different management authorities; thus, as long as you don't do this, you won't have any conflicts. Also, keep in mind that the domain join state of a device plays no part in management really -- just calling this out for clarity as well.
- Eugenius27 Sep 22, 2022
Copper Contributor
Sorry, BitLocker with Intune for Win11 and with MBAM server for Win10.
- Eugenius27 Sep 22, 2022
Copper Contributor
Yes, eventually the client wants to go full Intune and Windows 11. Windows 10 will remain until then as it is. I've asked because I was concerned by the fact that MBAM server, from MSDocs, doesn't support HAAD machines. Thank you very much, a complete answer for me.
- Jason_Sandys Sep 22, 2022
Microsoft
Sorry, can you reference exactly where in the docs it says it cannot manage HAADJ Windows endpoints? Are you referring to the Important callout on https://learn.microsoft.com/en-us/microsoft-desktop-optimization-pack/mbam-v25/? If so, it doesn't say HAADJ can't be managed, it says domain joined can be managed and HAADJ is domain joined (they are also AAD registered but that doesn't change the fact that they are on-prem domain joined).