
1 TechReady 16 5/22/2018 © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2 WCA-B209 What's new with Windows 8 BitLocker and Microsoft BitLocker Administration and Monitoring 2.0
Lance Crandall, Microsoft

3 Session Objectives And Takeaways
Session Objective(s):
- Overview the top feature additions to BitLocker in Windows 8
- Describe MBAM 2.0’s features that will reduce TCO and improve compliance and enforcement
- Educate you on how to deploy MBAM 2.0 in a variety of configurations
- Go through new features that impact the end user experience
Takeaways:
- BitLocker in Windows 8 is easier to provision and manage
- MBAM 2.0 solves key pain points in BitLocker and MBAM 1.0

4 Agenda
- BitLocker Improvements in Windows 8
- MBAM 2.0 Investment Areas and Key New Features
- MBAM 2.0 Stand Alone and Config Manager Modes
- MBAM 2.0 End User Experience

5 April 8, 2014

6 Why Are Customers Moving To BitLocker?
- Cost Savings
- Simplicity

7 BitLocker Improvements in Windows 8

8 Provisioning Enhancements
Provisioning is the top pain point for encrypting devices:
- Provisioning is challenging regardless of vendor
- TPM provisioning is complex for IT and end users
- Encryption takes too much time
Solutions in Windows 8 make BitLocker the best choice:
- Auto Provisioning solves most TPM related provisioning issues
- Instant on BitLocker protection with Encrypted Hard Drive
- Fast encryption on traditional storage devices with Used Disk Space Only Encryption
- Encrypt new devices in parallel with imaging rather than after

9 Improved Experience & Security
Improving the IT and End-user Experience on Windows 8
- Eliminating the need for Pre-Boot Authentication (Connected Standby devices)
- Fewer support issues on Windows 8 Certified devices
- Device Encryption automatically provisioned from factory on Windows RT devices
- Users and IT no longer involved in the complexity of TPM provisioning process
Improved Security with Windows BitLocker
- Improved anti-hammering for Windows sign-in on BitLocker protected devices
- Automatic resume of BitLocker protection when device is left in suspended mode
- Use EAS to enforce BitLocker protection in non-domain joined and BYOD

10 Improved Enterprise Readiness
Support for Server and Server Class Storage Scenarios
- Storage Area Networks (SAN) Support
- Windows Server Cluster Support
Multi-factor authentication works in unattended scenarios
- Network protector leverages WDS for 2nd factor
- Enables 2nd factor authentication in Server scenarios
- Simplifies patching process on unattended devices

11 MBAM 2.0 Investment Areas and Features

12 What is Microsoft BitLocker Administration and Monitoring?
MBAM 1.0 objectives:
- Simplify provisioning and deployment
- Provide reporting (e.g.: compliance & audit)
- Reduce costs (e.g.: Simplified Recovery)

“We can use MBAM v1.0 to get greater value from BitLocker. We can ensure that BitLocker is enabled and that we are compliant with corporate encryption mandates without taxing our employees or IT staff.”
Bob Johnson, Director of IT, BT U.S. and Canada

MBAM 2.0 improves 1.0 functionality and adds additional focus on:
- Improving compliance and security
- Integrating with existing systems (e.g.: SCCM)
- Reducing costs (e.g.: Self Service, Simplified Deployment)

13 MBAM 2.0 Release Pillars
- Configuration Manager Integration
- Windows 8 Support
- Self Service
- Customer Feedback

14 MBAM 2.0 – Two Deployment Options
Stand alone mode
- Similar to v1 model: SQL Database contains Recovery Keys and Audit/Compliance
Configuration manager integrated mode
- Compliance data and reports are integrated with Config Manager
- MBAM Agent distribution is facilitated via out of the box collection
- Key Recovery and Audit data remain in SQL Server as in Stand Alone

15 Server Improvements
Performance and Scalability
- 2 / 3 box set up recommended
Deployment Flexibility
- TDE is not a requirement anymore
- SPNs can be set outside of Setup
Improved Availability
- New VSSWriter implementation

16 Supported Software
Stand Alone Mode | Configuration Mode
Server OS (x64):
- Windows Server 2008 SP2 Standard/Enterprise/Datacenter
- Windows Server 2008 R2 SP1 Standard/Enterprise/Datacenter
- Windows Server 2012 Standard/Enterprise/Datacenter
System Center Configuration Manager:
- Configuration Manager 2007 w/SP2 (x64 OS and SQL)
- Configuration Manager 2012 w/SP1
Client OS:
- Windows 7 Ultimate, Enterprise w/SP1 (x86/x64)
- Windows 8 Enterprise (x86/x64)
- Windows 8 Windows to Go
SQL Server (x64):
- SQL 2008 R2 Standard edition or greater w/SP1
- SQL 2012 Standard edition or greater RTM / SP1

17 Hardware Configurations
One Box (standalone and CM) topology for Lab Testing only:

| Hardware Component | Minimum Requirement | Recommended Requirement |
|---|---|---|
| Processor | 2.33 GHz | 2.33 GHz or greater |
| RAM | 4 GB | 8 GB |
| Free disk space | 5 GB | 5 GB or greater |

2-server standalone topology to support at least 200,000 clients:

Web server:

| Hardware Component | Minimum Requirement | Recommended Requirement |
|---|---|---|
| Processor | 2.33 GHz | 2.33 GHz or greater |
| RAM | 8 GB | 12 GB |
| Free disk space | 1 GB | 2 GB |

SQL Server:

| Hardware Component | Minimum Requirement | Recommended Requirement |
|---|---|---|
| Processor | 2.33 GHz | 2.33 GHz or greater |
| RAM | 8 GB | 12 GB |
| Free disk space | 5 GB | 5 GB or greater |

3-server CM integrated topology to support at least 200,000 clients:

Web server:

| Hardware Component | Minimum Requirement | Recommended Requirement |
|---|---|---|
| Processor | 2.33 GHz | 2.33 GHz or greater |
| RAM | 4 GB | 8 GB |
| Free disk space | 1 GB | 2 GB |

SQL Server:

| Hardware Component | Minimum Requirement | Recommended Requirement |
|---|---|---|
| Processor | 2.33 GHz | 2.33 GHz or greater |
| RAM | 4 GB | 8 GB |
| Free disk space | 5 GB | 5 GB or greater |

18 Standalone Architecture
[Architecture diagram. Labels: Active Directory Domain Services & Group Policy Infrastructure; GPO; Client Computer; MBAM Client and BitLocker; Portals; HelpDesk Portal; Self-service Portal; Reporting Web Site; Web Services; Admin Web Service; Self-service Web Service; Recovery Web Service; Reporting Web Service; SQL Database; Recovery; Audit & Compliance; Compliance Reports; SSRS]

19 Demo: MBAM 2.0 in Stand Alone Mode, Green Field Deployment

20 Configuration Manager Integrated Architecture
[Architecture diagram. Labels: Active Directory Domain Services & Group Policy Infrastructure; GPO; Client Computer; MBAM Client and BitLocker; ConfigMgr Agent; Portals; HelpDesk Portal; Self-service Portal; Web Services; Recovery Web Service; Self-service Web Service; Admin; SQL Database; Audit & Compliance; Configuration Manager Management Console; ConfigMgr Database; Compliance; SSRS]

21 Demo MBAM 2.0 in Config Manager Mode Green Field Deployment

22 Upgrading MBAM 1.0 to 2.0
MBAM 1.0 (RTM, R1 and Hotfix) to 2.0
- Uninstall existing version and re-install MBAM 2.0 pointing to existing databases
Stand Alone to Stand Alone
- Upgrade process works without any data loss
- Recovery keys and Compliance information kept throughout process
Stand Alone to Configuration Manager Mode
- Upgrade process keeps Recovery Keys intact
- Compliance data is kept in existing MBAM 1.0 database but not ported to CM

23 MBAM 1.0 to 2.0 – Upgrade Flow
Update Servers
- Uninstall server bits and keep databases
- Install new server pointing to existing databases
- For CM import MOF and verify agent collection
Update group policy
- Choose protectors using MBAM templates
- Define server locations, intervals and exemption policy
Deploy new Agent
- For CM deploy DCM
- Compliance will use 2.0 logic

24 Upgrade Considerations
Key Recovery during Upgrade
- Databases should be available throughout process
- Front end access (Helpdesk Portal or Self Service Portal) is main concern
Compliance information
- Compliance history is maintained in Stand Alone to Stand Alone
- CM Mode deployments might take a while to populate compliance information
New functionality might impact end users
- Deploy lab environment and make sure to test new policy options
- Compliance calculation is different – may prompt after upgrade to become compliant

25 MBAM 2.0 End User Experience What to expect

26 MBAM Agent Overview
MBAM Agent
- Enforces Policy and ensures key escrow and compliance reporting
- No action is taken until group policy is deployed
- Silent install follows Configuration Manager Agent model
MBAM Control Panel
- Complements BitLocker Control Panel (non-Admin scenarios)
- BitLocker UI is managed independently
Enhancements to BitLocker
- Agent complements BitLocker pre-provisioning
- BitLocker suspended mode is resumed after reboot

27 End User Experience
Compliance Flexibility
- MBAM Agent enforces ‘minimum bar’
- End-users can add protectors if policy allows
- WMI component allows easy debug experience
Encryption Flow
- Improvements to Agent UI decrease end-user resistance to encryption
- Volumes are handled one at a time
Windows to Go Support
- Support for Password protector similar to FDD counterpart

28 Demo: MBAM Agent and compliance

29 In Review: Session Objectives And Takeaways
Session Objective(s):
- Overview the top feature additions to BitLocker in Windows 8
- Describe MBAM 2.0’s features that will reduce TCO and improve compliance and enforcement
- Educate you on how to deploy MBAM 2.0 in a variety of configurations
- Go through new features that impact the end user experience
Takeaways:
- BitLocker in Windows 8 is easier to provision and manage
- MBAM 2.0 solves key pain points in BitLocker and MBAM 1.0

30 Related content
Breakout Sessions (session codes and titles)
- MDC-B343 Top 5 Server Application Deployment and Servicing Problems Addressed by Server App-V and System Center 2012 SP1 - Virtual Machine Manager (Tuesday 13:30-14:45)
- WCA-B203 Microsoft Application Virtualization 5.0 and Microsoft Office: Better Together (Tuesday 16:45-18:00)
- WCA-B208 Microsoft Application Virtualization 5.0 Migration and Co-Existence with 4.6 (Tuesday 13:15-14:30)
- WCA-B206 The Replaceable PC (Wednesday 10:15-11:30)
- WCA-B319 Implementing Microsoft Application Virtualization 5.0: Lessons Learned from a Production Rollout
- WCA-B209 What's New with Windows 8 BitLocker and Microsoft BitLocker Administration and Management (MBAM) 2.0 (Wednesday 13:30-14:45)
- WCA-B325 Making PC Recovery Easier with the Microsoft Diagnostics and Recovery Toolset (DaRT) (Thursday 15:15-16:30)
- WCA-B359 Microsoft User Experience Virtualization (UE-V): How to Manage and Deploy UE-V across an Enterprise (Thursday 10:15-11:30)
- WCA-B324 Integrating the New Microsoft Application Virtualization 5.0 with other Virtualization Solutions (Friday 10:15-11:30)

31 Resources
- Sessions on Demand
- Learning: Microsoft Certification & Training Resources
- TechNet: Resources for IT Professionals
- msdn: Resources for Developers
- http://channel9.msdn.com/Events/TechEd



34 Appendix

35 MDT Deployment Steps
Pre-Deployment Steps
  Enable TPM in the BIOS
  Run the Enable BitLocker (Offline) step
  Install the OS
  Join the domain
  Import the registry key template from: “c:\Program Files\Microsoft\MDOP\MBAM\MBAMDeploymentKeyTemplate.reg”, edited with your information
  Add NoStartupDelay key
  Install the MBAM agent
  Key will be escrowed and TPM protector will be enabled
Post-Deployment Steps
  Remove MBAM reg keys
  Stop the MBAM client
  Start MBAM Client
  GPO applies and user prompted for PIN if applicable

36 MDT Deployment Steps – Existing OS
Pre-Deployment Steps
  Enable TPM in the BIOS
  BdeHDCfg.exe -target default -quiet
  Join the domain
  Import the registry key template from: “c:\Program Files\Microsoft\MDOP\MBAM\MBAMDeploymentKeyTemplate.reg”, edited with your information
  Set NoStartupDelay reg key
  Install the MBAM agent
  Wait for encryption to begin and escrow the key
Post-Deployment Steps
  Remove MBAM reg keys
  Run GPUpdate /force to get existing MBAM GPOs
  Stop the MBAM client
  Start MBAM Client
  GPO applies and user prompted for PIN if applicable
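A check that can run at the end of either deployment procedure above to confirm the volume ended up in the expected state. This is an added example, not part of the presentation or of MBAM; it assumes Windows 8 or later, an elevated session, and the built-in Get-Tpm and Get-BitLockerVolume cmdlets, and the function name is hypothetical. It inspects local state only and does not confirm that the key reached the MBAM server.

```powershell
# Added example: local post-deployment check of TPM and BitLocker protector state.
# Test-BitLockerDeploymentState is a hypothetical name, not an MBAM or BitLocker cmdlet.
function Test-BitLockerDeploymentState {
    param([string]$MountPoint = $env:SystemDrive)

    $findings = @()

    # "Enable TPM in the BIOS": the TPM must be visible to the OS and ready for use.
    $tpm = Get-Tpm
    if (-not $tpm.TpmPresent) {
        $findings += 'TPM not present or disabled in firmware'
    } elseif (-not $tpm.TpmReady) {
        $findings += 'TPM present but not ready'
    }

    $vol    = Get-BitLockerVolume -MountPoint $MountPoint
    $types  = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
    $status = $vol.VolumeStatus.ToString()

    # "TPM protector will be enabled": Tpm before a PIN is set, TpmPin once it is.
    if (-not ($types | Where-Object { $_ -like 'Tpm*' })) {
        $findings += 'No TPM-based key protector on the volume'
    }
    # A recovery password has to exist locally before it can have been escrowed.
    if ($types -notcontains 'RecoveryPassword') {
        $findings += 'No recovery password protector (nothing to escrow)'
    }
    # Encryption may still be running right after deployment; any other state is a failure.
    if ($status -notin 'FullyEncrypted', 'EncryptionInProgress') {
        $findings += "Volume status is $status"
    }
    # Protection off on an encrypted volume means BitLocker is suspended.
    if ($status -eq 'FullyEncrypted' -and $vol.ProtectionStatus.ToString() -ne 'On') {
        $findings += 'Volume encrypted but protection is suspended'
    }

    [pscustomobject]@{
        MountPoint = $vol.MountPoint
        Protectors = $types -join ','
        Percentage = $vol.EncryptionPercentage
        Compliant  = ($findings.Count -eq 0)
        Findings   = $findings
    }
}

$result = Test-BitLockerDeploymentState
$result | Format-List
if (-not $result.Compliant) { exit 1 }   # non-zero exit fails the calling task sequence step
```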

37 Secured Communications and Data
Support for end to end encryption (client -> database)
Before Deployment
  Configure SQL Database Engine’s Protocol to Force Encryption
  Configure the Web Service URL for SQL Reporting Services to use SSL
  Provision a Certificate to the Administration and Monitor server
During Deployment
  Select “Use a certificate to encrypt the network communication”
  Select the appropriate certificate
  Database is automatically encrypted
Post Deployment
  Back up the Certificate named “MBAM Recovery Encryption Certificate”

38 Enforcing Compliance Using Policy
Compliance enforced using Group Policy
  A superset of BitLocker policies
New MBAM Policies
  Policy for Fixed Disk Volume Auto-unlock
  Hardware capability check before encryption
  Allow user to request an exemption
  Interval client verifies policy compliance (default = 90 min)
Policy location: Computer Configuration > Administrative Templates > Windows Components > MDOP MBAM (BitLocker Management)

39 Options for Enforcing Compliance
Enforce compliance BEFORE a user receives the computer
  Works with Windows 7 and 8 deployment tools (MDT/SCCM)
  Manage TPM initialization and reboot process
  Support for user supplied PIN (e.g.: user provides PIN at first logon)
  Recovery key escrow can be bypassed and then escrowed when user first logs on
Enforce compliance AFTER a user receives a computer
  User is provided with guided Policy Driven Experience
  Provides postpone capability
  Automatically enforce compliance when suspended or device is not encrypted after reboot

40 Empowering Windows Standard Users
Standard Users Can:
Control Panel Applet:
  Encrypt Computers
  Change PIN
  Change Passwords
  PINs and Passwords
Consider hiding original BitLocker Control Panel to make it difficult to:
  Decrypt devices
  Suspend encryption

41 Enhanced Compliance and Security
MBAM prevents reuse of BitLocker recovery keys
  Recovery keys are marked for reset after they’re exposed
  Client periodically checks to see if key reset is required
  Recovery keys reset after client obtains network connectivity

42 Compliance and Audit Reporting
Enterprise Compliance Report
  Determine the compliance status of the entire organization
Computer Compliance Report
  Determine the compliance status of an individual computer
Recovery Audit Report
  Used to determine who accessed a recovery key and when
Need to know the last known state of a lost computer?
Need to know how effective your rollout is, or how compliant your company is?
Need to know who accessed recovery keys, and when?

43 Improved Recovery Experience Driving Down Costs
MBAM provides a recovery option alternative to Active Directory
  Recovery Keys
  TPM Unlock Package
Access to recovery data is audited
Self Service and Help Desk based options
Role based authorization model for Help Desk Portal
  Tier 1: Helpdesk needs to have person/key match
  Tier 2: Key ID is sufficient (limited role)
Create your own custom page leveraging web service layer
Systems with UEFI + Windows 8 eliminate most recovery scenarios

44 For More Information
System Center 2012 Configuration Manager
us/evalcenter/hh aspx?wt.mc_id=TEC_105_1_33
Windows Intune
Windows Server 2012
Windows Server 2012 VDI and Remote Desktop Services
us/evalcenter/hh aspx?ocid=&wt.mc_id=TEC_108_1_33
desktop-infrastructure.aspx
More Resources:
  microsoft.com/workstyle
  microsoft.com/server-cloud/user-device-management

45 Windows Track Resources
Windows Enterprise: windows.com/enterprise
Windows Springboard: windows.com/ITpro
Microsoft Desktop Optimization Package (MDOP): microsoft.com/mdop
Desktop Virtualization (DV): microsoft.com/dv
Windows To Go: microsoft.com/windows/wtg
Outlook.com: tryoutlook.com

