Bitlocker Recovery Service MP on IBCM or Secondary Site Server MP

Kedar Tamboli 166 Reputation points
2020-09-25T09:31:58.567+00:00

Hello All,

We have enabled the BitLocker Management feature on our standalone primary site server, which is on ConfigMgr version 2002. Functionality is working fine in the environment. However, all clients are using the primary site server MP as their Recovery Service MP.

We also have an IBCM MP and a few Secondary Site Servers deployed in our environment. All site servers and clients are installed with PKI certificates, and clients are communicating fine over HTTPS. IIS on the IBCM MP and the Secondary Site Server MPs also shows SMS_MP_MBAM installed as a virtual directory. However, clients at the respective secondary site server locations are not connecting to / using the secondary site server MP as their BitLocker Recovery Service MP. Also, clients on the internet are not able to use the IBCM MP as their BitLocker Recovery Service MP.

Am I missing something in the configuration, or is it by design?

Thanks and regards,
Kedar

Microsoft Configuration Manager

Accepted answer
Jason Sandys 31,181 Reputation points Microsoft Employee
2020-09-25T19:02:48.977+00:00

BitLocker management is not supported and does not currently work with IBCM (or a CMG). It's being worked on and will hopefully be added in the near future (maybe even in the next production build).

As for MPs on secondary sites, the locator service does not consider them for BitLocker recovery. Clients always require connectivity to an MP in the primary site, so this aligns with that basic requirement. Also, escrowing a recovery key is not in any way network intensive and only happens when the key is set or reset, so bandwidth usage is minimal, even trivial.

Is this causing you an issue, or are you just validating?

If it's causing you an issue, you should file an item on UserVoice.

