Message 1 of 4

Convert MDE Systems To MNE?

Due to the amount of hands-on labor it will take to upgrade Windows 10 systems from November Update to Anniversary Update this year and to upgrade again to all the future Windows 10 upgrades next year, we have found that MDE will no longer be a workable solution for us.

We will either move to McAfee MNE or manage systems via Microsoft's MBAM or maybe use both if they can work together.

What is the most efficient way to migrate away from MDE 7.1.3?

My guess would be to change MDE policies to decrypt drives, then after drives are all decrypted, push deployment tasks to uninstall all MDE-related apps and deploy MNE with a BitLocker encryption policy.

Does uninstalling MDE require a restart and, if so, can a single restart handle both uninstalling MDE and getting MNE ready to start encrypting with BitLocker?

Accepted Solutions
Message 2 of 4

Re: Convert MDE Systems To MNE?

Sounds about right.

We can use tags (assessed at each ASCI) to apply tags to machines which are at certain stages of the whole process, to automate the changing of policy and task assignments.

E.g. change policy to decrypt.

Then auto-tag Win10 laptops with MDE installed, but disks decrypted - this tag can be used in task assignment for a deployment task to uninstall MDE.

Then e.g. auto-tag a Win10 laptop with no MDE, to catch an assignment of deployment task for MNE.

Then obv when MNE is installed, the MNE policies will take effect.

McAfee Employee
Message 3 of 4

Re: Convert MDE Systems To MNE?

Note that MBAM requires that you set up and manage multiple servers for different facets of the MBAM solution. By contrast, simply use ePO for MNE to provide a streamlined management experience.

Message 4 of 4

Re: Convert MDE Systems To MNE?

For a small environment, MBAM can be set up on a single physical server or virtual machine.

With MBAM, you can easily suspend and reenable BitLocker.

MNE has no practical way to suspend BitLocker. It requires a very convoluted process of copying files to each system and running scripts manually to temporarily disable BitLocker for any OS upgrades and firmware updates.
