Migrate from McAfee Drive Encryption to BitLocker

Problem

A client contacted us and explained that they need to migrate from McAfee Drive Encryption to BitLocker. They've used McAfee ePO on-premise since 2016 but moving forward they plan to manage encryption using InTune and BitLocker.

We were asked to scope up and perform the migration.

Challenges

• Timeline - the work needed to be carried out safely before their existing McAfee support contract expired.
• Hybrid Configuration - none of the endpoints were domain joined to Azure so this added another level of complexity that needed to be overcome before they could be managed.
• Silent on-boarding of BitLocker - the client wanted the transition from McAfee to BitLocker to be as transparent to end users as possible.
• Encryption activation - it was critical that McAfee Encryption was deactivated before the BitLocker rollout to prevent activation issues.

Solution

The first stage was to remove the automation that installed and activated McAfee Encryption. Once this was done we setup new automation to deactivate it. We monitored to confirm this was working for all internal and external endpoints. Once encryption was deactivated we could safely remove it from each system. This was achieved with more automation in ePO.

The next stage was to configure Hybrid AD Join for domain devices which was done using AD Connect.

The final stage was to onboard devices to In-Tune and setup BitLocker scripts to evaluate each endpoint and then activate encryption if appropriate.

We used pilot groups for testing and the client was very happy with the results.