Infrastructure

Microsoft BitLocker Administration and Monitoring (MBAM) Part 1

I recently completed a project working with MBAM. I really don’t understand why more companies don’t use it to encrypt the fixed and removable disks of notebooks running Windows 7 Enterprise and Ultimate. I mean it’s basically BitLocker but it’s much easier to use in an enterprise environment than the older methods Microsoft had to back up the recovery keys to Active Directory. It also can interact with the end user in setting up and managing their PIN if BitLocker will be used with multi-factor authentication (TPM and PIN).

MBAM is part of the Microsoft Desktop Optimization Pack (MDOP). It’s a suite of technologies (App-V, UE-V, MED-V, AGPM, DaRT, and MBAM) available as a subscription for Software Assurance customers ( http://bit.ly/O4gDr8 ). MBAM basically has three components.

· SQL Server (s)

· Web Server (s)

· Client software

Setting everything up really isn’t difficult but since not a lot of people don’t work with MBAM I thought it would be beneficial to have a multi-part blog series reviewing MBAM and most of its features. Below are the upcoming blogs to be on the lookout for. The goal is to make you feel more comfortable using MBAM. For detailed information I suggest you download and read the MBAM technical documentation ( http://bit.ly/O4jL6d ).

· Introduction (This blog)

· Requirements (hardware and software)

· Planning

· Installing the SQL server(s)

· Installing the Web server(s)

· Planning for redundancy, backups, and disaster recovery

· Modifying the GPOs

· Deploying the client

· What the end client will see, if anything

· Troubleshooting

· Reports

· Wrap up

Leave a Reply