MEMCM Integrated Bitlocker - Does the key get deleted with the object?

JohnBiggston-8696 asked (edited by saldana-msft)

Greetings,
We currently have an MBAM standalone infrastructure. We're looking to migrate it into the MEMCM-integrated or Intune\Azure integrated model, but we're concerned that if an MEMCM client object gets deleted, whether manually or as a result of a cleanup task, the encryption key will be deleted along with it, and we have the same concerns with Azure\Intune. For those who have already integrated, does the key get deleted for inactive or deleted clients once the object is removed? If not, how is it accessible?

Thanks

Tags: mem-cm-general, mem-intune-general

Jason-MSFT answered

BitLocker recovery keys are never deleted from the ConfigMgr DB as they are not directly part of the device "object".

BitLocker recovery keys in Azure are part of the Azure AD device object and thus exactly like on-prem AD, the RK is deleted when the AAD object is deleted.

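Because the Azure AD copy of the recovery key lives on the device object, a device cleanup task silently discards it. The script below is an added example (not from this thread or from Microsoft) showing how to export a device's escrowed keys through Microsoft Graph before the object is removed; it assumes the Microsoft.Graph PowerShell SDK is installed, the caller holds the BitLockerKey.Read.All permission, and $DeviceId / $ExportPath are placeholders you supply.

```powershell
# Added example: export the BitLocker recovery keys escrowed in Azure AD for one
# device before that device object is deleted (the keys go with the object).
# Assumptions: Microsoft.Graph SDK installed, BitLockerKey.Read.All granted,
# $DeviceId is the Azure AD "Device ID" (not the object ID).

param(
    [Parameter(Mandatory)][string]$DeviceId,
    [string]$ExportPath = ".\bitlocker-keys-$DeviceId.csv"   # placeholder path
)

Import-Module Microsoft.Graph.Identity.SignIns
Connect-MgGraph -Scopes "BitLockerKey.Read.All"

# The list call returns key metadata only; the key material is never in this response.
$entries = Get-MgInformationProtectionBitlockerRecoveryKey -Filter "deviceId eq '$DeviceId'" -All

if (-not $entries) {
    Write-Warning "No BitLocker recovery keys are escrowed in Azure AD for device $DeviceId."
    return
}

$exported = foreach ($entry in $entries) {
    # Only a per-key GET with $select=key returns the key itself; each such read
    # is recorded in the Azure AD audit log, which is what you want for escrow access.
    $full = Get-MgInformationProtectionBitlockerRecoveryKey -BitlockerRecoveryKeyId $entry.Id -Property "key"
    [pscustomobject]@{
        DeviceId    = $DeviceId
        KeyId       = $entry.Id
        VolumeType  = $entry.VolumeType        # operatingSystemVolume / fixedDataVolume / removableDataVolume
        CreatedUtc  = $entry.CreatedDateTime
        RecoveryKey = $full.Key
    }
}

$exported | Export-Csv -Path $ExportPath -NoTypeInformation
Write-Host "Exported $($exported.Count) key(s) for $DeviceId to $ExportPath"
```

Run this as a pre-step of whatever removes stale devices, and move the CSV into the same escrow store you use for offboarded machines; the ConfigMgr database needs no such step, since its keys are not tied to the device object.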

JohnBiggston-8696 answered

Hi Jason,
Thanks for the quick response. That's what I was after.

Cheers.
