Enable BitLocker Using SCCM OSD Task Sequence and MBAM

Few days ago I wanted to enable BitLocker as a part of OS deployment. With SCCM & MBAM this can be done in two ways.

1. Used Space Encryption or Pre-Provisioning BitLocker.
2. Full Disk Encryption (FDE) or the normal way.

Pre-Provisioning BitLocker is crazily fast. Because it encrypts the disk even before the OS is applied. Also it will only encrypt the used space. So when data gets written to disk it will automatically encrypt the newly added data. Used Space Encryption is good if the HDD has never stored confidential data in the past or the HDD is previously fully encrypted with BitLocker. I prefer this method.

FDE as the name suggests, encrypts the entire disk. Also it's a time consuming process even if configured as a part of OS deployment. It might take 2-3 hours or more depending on the size of the HDD and the size of the data on the HDD. But most people prefer this method.

I will share my experience & task sequences which worked for me to do above in both ways.

Sri Lanka IT Pro Forum - December 2016

Last year (actually last week 😉) I got a chance to do a session with my colleague Muditha Jayath Chathuranga on the topic "Protecting Corporate Data with Microsoft Intune Conditional Access" at Sri Lanka IT Pro Forum December meetup. This was a good experience for me as this was my first time.

Upgrading System Center Data Protection Manager (SCDPM) 2012 R2 to System Center Data Protection Manager 2016

Couple of  days ago I did an upgrade of System Center DPM 2012 R2 to System Center DPM 2016 for one of our customers. This was carried out along with a cluster upgrade; Server 2012 R2 to Server 2016. And in here, I will only write about how I upgraded DPM. ;)

Our customer had System Center Data Protection Manager 2012 R2 UR4 and SQL Server 2012 SP1 installed on a HP StorSimple 1650 NAS box running Windows Storage Server 2012 R2. DPM was configured to backup 3 node Server 2012 R2 cluster to disk and online (Azure) backup.

Since the day we upgraded the cluster to 2016, they could not take backups. Why? because DPM 2012 R2 does not support backing up Server 2016. Wow..!! DPM 2012 support matrix So we decided to bring in System Center Data Protection Manager 2016.

This is how I did it.