MBAM Supported Computers compliance reporting incorrectly includes unsupported products

Applies to: BitLocker Administration and Monitoring 2.0Microsoft BitLocker Administration and Monitoring 2.0 Service Pack 1

Summary

The Microsoft BitLocker Administration and Monitoring (MBAM) Supported Computer collection includes Windows 7 Professional, Windows 7 computers without Trusted Platform Module (TPM), and non-Hyper-V virtual machines in Microsoft System Center 2012 Configuration Manager, Microsoft System Center 2012 R2 Configuration Manager, and Microsoft System Center Configuration Manager 2007. This causes incorrect information to be included in compliance reporting. 

Resolution

To resolve this issue, follow these steps:
  1. Manually update the MBAM Supported Computers collection query.
    • For Microsoft System Center 2012 Configuration Manager or Microsoft System Center 2012 R2 Configuration Manager, replace the existing collection query with the following query:
      select SMS_R_System.ResourceId, 
      SMS_R_System.ResourceType, 
      SMS_R_System.Name, 
      SMS_R_System.SMSUniqueIdentifier, 
      SMS_R_System.ResourceDomainORWorkgroup, 
      SMS_R_System.Client
      from SMS_R_System
      inner join SMS_G_System_OPERATING_SYSTEM on SMS_G_System_OPERATING_SYSTEM.ResourceID = SMS_R_System.ResourceId
      inner join SMS_G_System_OPERATING_SYSTEM_EXT on SMS_G_System_OPERATING_SYSTEM_EXT.ResourceID = SMS_R_System.ResourceId
      inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId
      left outer join SMS_G_System_TPM on SMS_G_System_TPM.ResourceID = SMS_R_System.ResourceId
      where ((SMS_G_System_OPERATING_SYSTEM.Version like "6.1.%"
      and SMS_G_System_OPERATING_SYSTEM_EXT.SKU in (1,4,27,28,70,71)
      and SMS_G_System_TPM.SpecVersion >= "1.2")
      or NOT (SMS_G_System_OPERATING_SYSTEM.Version like "6.1.%"
      or SMS_G_System_OPERATING_SYSTEM.Version like "6.0.%"
      or SMS_G_System_OPERATING_SYSTEM.Version like "5.%"))
      and SMS_G_System_COMPUTER_SYSTEM.DomainRole = 1
      and (SMS_G_System_COMPUTER_SYSTEM.Model not in ("Virtual Machine", "VMware Virtual Platform", "VirtualBox") 
      and SMS_G_System_COMPUTER_SYSTEM.Manufacturer not in ("Xen"))
    • For System Center Configuration Manager 2007 replace the existing collection query with the following query:
      select SMS_R_System.ResourceId,
      SMS_R_System.ResourceType, 
      SMS_R_System.Name, 
      SMS_R_System.SMSUniqueIdentifier, 
      SMS_R_System.ResourceDomainORWorkgroup, 
      SMS_R_System.Client
      from SMS_R_System
      inner join SMS_G_System_OPERATING_SYSTEM on SMS_G_System_OPERATING_SYSTEM.ResourceID = SMS_R_System.ResourceId
      inner join SMS_G_System_OPERATING_SYSTEM_EXT on SMS_G_System_OPERATING_SYSTEM_EXT.ResourceID = SMS_R_System.ResourceId
      inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId
      left outer join SMS_G_System_TPM on SMS_G_System_TPM.ResourceID = SMS_R_System.ResourceId
      where ((SMS_G_System_OPERATING_SYSTEM.Version like "6.1.%"
      and SMS_G_System_OPERATING_SYSTEM_EXT.SKU in (1,4,27,28,70,71)
      and SMS_G_System_TPM.SpecVersion >= "1.2")
      or NOT (SMS_G_System_OPERATING_SYSTEM.Version like "6.1.%" 
      or SMS_G_System_OPERATING_SYSTEM.Version like "6.0.%"
      or SMS_G_System_OPERATING_SYSTEM.Version like "5.%"))
      and SMS_G_System_COMPUTER_SYSTEM.DomainRole = 1
      and SMS_G_System_COMPUTER_SYSTEM.Model not in ("Virtual Machine", "VMware Virtual Platform", "VirtualBox") 
      and SMS_G_System_COMPUTER_SYSTEM.Manufacturer not in ("Xen"))
  2. Right-click and update the collection membership.