Although I write more on the Cloud and Windows Azure, the topic of data security has been coming up a lot in my customer conversations. Windows 7 solved this problem by addressing data security in transit and at rest, but deploying BitLocker at scale needed specialized tools to ease the management, administration, monitoring, and recovery of encrypted drives.
So, here it is: the new addition to the MDOP family of products for enterprise customers is now available ... drum roll ... introducing ... Microsoft BitLocker Administration and Monitoring (MBAM):
Building on BitLocker in Windows 7, MBAM will help simplify BitLocker provisioning and deployments, improve compliance and reporting, and reduce support costs. To simplify provisioning and deployment, MBAM integrates into your existing Windows 7 deployment process to help automate the encryption process. If you have already deployed Windows 7 but have not enabled BitLocker, your end users with standard user permissions can now start the encryption process. You can also target BitLocker encryption at hardware by make and model, making sure that only machines capable of meeting the encryption policy are encrypted.
To help improve compliance and reporting, MBAM provides reports out of the box that help you understand which machines are encrypted and meet your BitLocker organizational policy. We also provide an alternative to storing BitLocker recovery key information in Active Directory. Machines with the MBAM client will send BitLocker recovery key information to an encrypted SQL database.
MBAM will also help you reduce your support costs by streamlining key recovery for the help desk via a web page that allows the help desk to quickly get the user’s recovery key if they get into BitLocker recovery mode. The help desk no longer needs access to Active Directory. MBAM also creates one-time-use recovery keys. When a recovery key is retrieved and used, the MBAM client will automatically generate a new recovery key for that PC so that the original key cannot be used to gain access to the machine again.