Documentation for SCCM task sequence deployment orchestrator

MBAM Server details

Specify the URL of your MBAM server. If recovery keys are stored in the MBAM recovery and hardware database, sccmtspsi uses this address to automatically unlock locked drives.

MBAM server address should begin with https://.

Note: The realm broker account must have permission to read the recovery password from the Microsoft BitLocker Administration and Monitoring service. Add the realm broker account to either the “Advanced helpdesk users” Active Directory group or the “MBAM administrators” Active Directory group.


DCOM hardening issue

This application fails to authenticate with WMI on the SCCM server because Microsoft has not yet hardened DCOM in the Windows Preinstallation Environment. We are working on a different approach, but it will only be released during the first quarter of 2024. Until then, the only workaround is to uninstall the update corresponding to KB5004442.