This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(35.2, 4%, 13%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EL%3C/text%3E%3C/svg%3E)
Hi, We need to Migrate Bitlocker from MABAM to SCCM (Mbam integrate) but I can't seem to find information on if it will move the TPM key to SCCM or not.
We are running SCCM 2002 (soon to be upgraded to 2009)
MBAM server is 2.3 (We are in process of upgrading this to 2.5)
We would like to integrate MBAM with SCCM but also migrate recover key + TPM key.
I know recovery key will be moved but will the TPM key moved too, if not how do I move the TPM key without re-encrypting the drive.
Hi,
Just checking in to see if the information provided was helpful.
If the reply helped you, please remember to accept as answer.
If no, please reply and tell us the current situation in order to provide further help.
Hi @lalajee
Are you referring to TPM startup pin on the device?
If yes, that is specific to device and it is stored in TPM chip present locally on the device. So your during migration you don't have to worry about TPM pin. Just make sure the policy are replicated and there will not be any need for reencryption unless there is a bitlocker policy change
Regards
Aravinth
If this is helpful,kindly accept as answer
We are running SCCM 2002 (soon to be upgraded to 2009)
There's no such thing as 2009 and never will be (at least not prod versions).
Are you referring to the TPM Owner password? If so, why are you escrowing this at all? By default, Windows doesn't even store this -- it sets it and then throws it away.
Thats it TPM Owner password but does it not store a key into mbam server which can be use for somehting
Sorry, not sure what this comment means. Why do you want the owner password stored? As noted, Windows itself no longer does this so it's not even available to be stored anywhere.
@lalajee , TPM owner password is not stored remotely . As @Jason Sandys mentioned it sets and discards. Please refer the below microsoft document for your references.
Password sets and discards -Starting with Windows 10, version 1607, Windows will not retain the TPM owner password when provisioning the TPM. The password will be set to a random high entropy value and then discarded.
Password can oly be stored as a file -"Then you can create a new password, either automatically or manually, and save the password in a file or as a printout."
Regards
Aravinth
If this is helpful,kindly accept as answer
@lalajee , kindly let me know if the details were help ful.
Regards
Aravinth