This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Moving away from Safeguard

Hello,

Has anyone got any experience moving away from Safeguard to MBAM/AD key management? Just want to know people thoughts and experiences as this is something we are considering doing. 

Many Thanks

Tom



This thread was automatically locked due to age.
Parents
  • Hi Tom - obviously an awkward question to ask but.... :)

    Yes, I have experimented with moving away from Sophos and populating AD with the keys. We have AD AND AAD AND Sophos here for BLRK and it all seems to work ok. 

    I will be shortly experimenting scripting the removal of Sophos to automate this whole process too. Since Sophos is only managing BLK already, I don't think it'll be to much of a challenge. I don't though have FE - just DE. I'm hoping with a reboot (unavoidable I think) to fully (and cleanly) removed the Cred provider/client I should be good to go? That's my belief anyway! :)

    I'll keep you updated

     

  • Thanks Michael, 

    It would be interesting to know how you get on, We have a nightmare here with Safeguard which is why we are looking to phase it out competently, we've got about 5000 devices to do! 

    Many Thanks

     

    Tom

  • All Windows devices Tom or a mixed estate?

     

    What's been the nightmare? Are you devices already bound to AD and what OS? All TPM?

  • All windows 10 with TPM so it should dare I say be a piece of cake.. 

    Just has it's little quirks.. devices randomly not syncing, certificate issues, User assignment problems, Safeguard Credential Provider issues, the list goes on really.

    We don't use any features of Safeguard so it seems a lot of effort/overheads just to backup keys. I'm also going to some digging on MBAM which we have a licence for, and try and utilize that along side AD.

Reply
  • All windows 10 with TPM so it should dare I say be a piece of cake.. 

    Just has it's little quirks.. devices randomly not syncing, certificate issues, User assignment problems, Safeguard Credential Provider issues, the list goes on really.

    We don't use any features of Safeguard so it seems a lot of effort/overheads just to backup keys. I'm also going to some digging on MBAM which we have a licence for, and try and utilize that along side AD.

Children
No Data