Presentation is loading. Please wait.

Presentation is loading. Please wait.

DC-B312 BitLocker Improvements in Windows 8 MBAM 2.0 Investment Areas and Key New Features Deploying MBAM 2.0MBAM 2.0 End User Experience.

Published byTracy Gilbert Modified over 8 years ago

Similar presentations

Presentation on theme: "DC-B312 BitLocker Improvements in Windows 8 MBAM 2.0 Investment Areas and Key New Features Deploying MBAM 2.0MBAM 2.0 End User Experience."— Presentation transcript:

1

2 DC-B312

3

4 BitLocker Improvements in Windows 8 MBAM 2.0 Investment Areas and Key New Features Deploying MBAM 2.0MBAM 2.0 End User Experience

5

6 What is Microsoft BitLocker Administration and Monitoring? MBAM 1.0 objectives: MBAM 2.0 improved 1.0 functionality and adds additional focus on: “ We can use MBAM v1.0 to get greater value from BitLocker. We can ensure that BitLocker is enabled and that we are compliant with corporate encryption mandates without taxing our employees or IT staff.” Bob Johnson Director of IT, BT U.S. and Canada Improving compliance and security Integrating with existing systems ( e.g.: SCCM ) Reducing costs ( e.g.: Self Service, Simplified Deployment ) Simplify provisioning and deployment Provide reporting ( e.g.: compliance & audit ) Reduce costs ( e.g.: Simplified Recovery )

7 Configuration Manager Integration Compliance reporting integrated to CM environment Hardware compatibility & targeting via CM collections Offload MBAM client reporting workload to CM client Windows 8 Support Windows 8 Enterprise support Non-TPM / Windows To Go Support Bitlocker Pre-Provisioning support Self Service Information Worker able to retrieve Recovery Key via Portal Recovery Keys protected with Access Control Auditing of all Recovery Key access Customer Feedback More pre-req flexibility (TDE, SPNs, SQL Server) Improved encryption flow & Smarter compliance calculation Improved scalability and performance

8

9 Active Directory Domain Services & Group Policy Infrastructure GPO Recovery Web Service Reporting Web Service Web Services Audit & Compliance SQL Database Reporting Web Site SSRS Compliance Reports HelpDesk Portal Client Computer Self-service Portal Portals Self-service Web Service Recovery MBAM Client and BitLocker Admin Web Service Portals Web Services SQL Database Compliance Reports

10 Configuration Manager Active Directory Domain Services & Group Policy Infrastructure GPO Recovery Web Service Web Services Audit SQL Database Management Console SSRS HelpDesk Portal Client Computer Self-service Portal Portals Self-service Web Service Recovery MBAM Client and BitLocker Admin Web Service ConfigMgr Database Compliance ConfigMgr Agent

11

12 MBAM 2.0 improvements Server configurations recommended for 1.0 ranged from single to five server Performance and scalability improvements allows simpler configurations Improved performance: A 2 box set up with recommended specs can support a 200k+ environment without issues. MSIT is using that configuration for all Microsoft SQL Standard Support : TDE is not a requirement anymore so SQL Standard can be used Improved VSSWriter: New implementation supports backups without impacting availability

13 Hardware ComponentMinimum RequirementRecommended Requirement Processor2.33 GHz2.33 GHz or greater RAM8 GB12 GB Free disk space1 GB2 GB Hardware ComponentMinimum RequirementRecommended Requirement Processor2.33 GHz2.33 GHz or greater RAM8 GB12 GB Free disk space5 GB5 GB or greater 2-server standalone topology to support at least 200,000 clients: Web server: SQL Server: 3-server CM integrated topology to support at least 200,000 clients: Web server: SQL Server : Hardware ComponentMinimum RequirementRecommended Requirement Processor2.33 GHz2.33 GHz or greater RAM4 GB8 GB Free disk space5 GB5 GB or greater Hardware ComponentMinimum RequirementRecommended Requirement Processor2.33 GHz2.33 GHz or greater RAM4 GB8 GB Free disk space1 GB2 GB Hardware ComponentMinimum RequirementRecommended Requirement Processor2.33 GHz2.33 GHz or greater RAM4 GB8 GB Free disk space5 GB5 GB or greater One Box (standalone and CM) topology for Lab Testing only:

14

15 Two deployment modes available Stand Alone Configuration Manager Integrated Stand alone mode Similar to MBAM v1 model – SQL Server Database contains databases for Recovery Keys and Audit/Compliance Configuration manager integrated mode Compliance DB and Reporting are integrated to CM infrastructure Compliance information is reported via CM Agent/DCM Agent distribution is facilitated via out of the box collection Key Recovery and Audit DB remain in SQL similar to Stand Alone

16

17

18 Update Servers Uninstall server bits and keep databases Install new server bits pointing to existing databases For CM mode this includes importing MOF file and verifying that agent collection meets your environment Update group policy Choose protectors and related options using MBAM templates Define server locations, intervals and exemption policy Deploy new Agent For CM mode this includes deploying DCM Compliance will use 2.0 logic

19

20

21

22

23

24

25

26

27

28

29

30 Standard Users Can: Encrypt Computers Change PIN Change Passwords Control Panel Applet: PINs and Passwords Consider hiding original BitLocker Control Panel to make it difficult to: Decrypt devices Suspend encryption

31 Enhanced Compliance and Security MBAM prevents reuse of BitLocker recovery keys Recovery keys are marked for reset after they’re exposed Client periodically checks to see if key reset is required Recovery keys reset after client obtains network connectivity

32 Who and when recovery keys have been accessed and by whom? Need to know how effective your rollout is, or how compliant your company is? Need to know the last known state of a lost computer?

33

34 Complete your session evaluations today and enter to win prizes daily. Provide your feedback at a CommNet kiosk or log on at www.2013mms.com. Upon submission you will receive instant notification if you have won a prize. Prize pickup is at the Information Desk located in Attendee Services in the Mandalay Bay Foyer. Entry details can be found on the MMS website.

35

36

Download ppt "DC-B312 BitLocker Improvements in Windows 8 MBAM 2.0 Investment Areas and Key New Features Deploying MBAM 2.0MBAM 2.0 End User Experience."

Similar presentations

3/29/2017 1:10 AM © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or.

3/29/2017 1:10 AM © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or.
Agenda Human Process + System Automation Better together Demos Identify self service opportunities Enable cloud through automation Key Takeaways.

Agenda Human Process + System Automation Better together Demos Identify self service opportunities Enable cloud through automation Key Takeaways.
Experiences with Service Manager and Orchestrator.

Experiences with Service Manager and Orchestrator.
Contains: Monitoring configuration: MPs, rules, monitors, discoveries, etc. Configuration & inventory data Performance data State data Alerts.

Contains: Monitoring configuration: MPs, rules, monitors, discoveries, etc. Configuration & inventory data Performance data State data Alerts.
Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and data across devices, anywhere.

Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and data across devices, anywhere.
Fluffy’s Safe Right? If you want to limit a user’s functionality, don’t make them an administrator.

Fluffy’s Safe Right? If you want to limit a user’s functionality, don’t make them an administrator.
UD-B302 Lighting, HVAC, … 75% IT 25% PCs, Laptops, Monitors $28b Network $18b Servers $14b Printers $13b $90b Telecom $10b Other $7b Commercial Energy.

UD-B302 Lighting, HVAC, … 75% IT 25% PCs, Laptops, Monitors $28b Network $18b Servers $14b Printers $13b $90b Telecom $10b Other $7b Commercial Energy.
Agenda Orchestrator - Components Orchestrator – For the ConfigMgr Admin.

Agenda Orchestrator - Components Orchestrator – For the ConfigMgr Admin.
DV-B306 One with Windows More Apps in More Places Modern Managemen t.

DV-B306 One with Windows More Apps in More Places Modern Managemen t.
Bug Fixes Reduce costs (e.g.: Self Service) Reduce costs (e.g.: Simplified Recovery) Integrating with existing systems (e.g.: SCCM) Provide.

Bug Fixes Reduce costs (e.g.: Self Service) Reduce costs (e.g.: Simplified Recovery) Integrating with existing systems (e.g.: SCCM) Provide.
-ConfigMgr Scripting history -Introduction to the ConfigMgr SP1 & PowerShell -Scenarios & Demos.

-ConfigMgr Scripting history -Introduction to the ConfigMgr SP1 & PowerShell -Scenarios & Demos.
Appetizers Each MVP will present one tantalizing appetizer to whet your appetite for more. Please save all questions for the end. P.S. We’re here all.

Appetizers Each MVP will present one tantalizing appetizer to whet your appetite for more. Please save all questions for the end. P.S. We’re here all.
WCL317 Disclaimer The information in this presentation relates to a pre-released product which may be substantially modified before it’s commercially.

WCL317 Disclaimer The information in this presentation relates to a pre-released product which may be substantially modified before it’s commercially.
4/15/2017 10:16 PM © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or.

4/15/ :16 PM © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or.
DV-B307 Personal & flexible  App and OS personalization roam across Windows  Syncs are smart and logins are fast  Application or OS reconfiguration.

DV-B307 Personal & flexible  App and OS personalization roam across Windows  Syncs are smart and logins are fast  Application or OS reconfiguration.
Agenda Overcome flat budgets Coping with relentless growth Meeting increasing business demands Managing escalating complexity Maintaining service levels.

Agenda Overcome flat budgets Coping with relentless growth Meeting increasing business demands Managing escalating complexity Maintaining service levels.
3 5 Cisco UCS™ Manager (Read / Write Configuration Interfaces) UCS Manager GUI and CLI Cisco UCS Fabric Interconnects (Read Only / Cut Through Interfaces)

3 5 Cisco UCS™ Manager (Read / Write Configuration Interfaces) UCS Manager GUI and CLI Cisco UCS Fabric Interconnects (Read Only / Cut Through Interfaces)
Service Manager Operations Manager Configuration Manager Data Protection Manager Virtual Machine Manager App Controller Orchestrator Active Directory.

Service Manager Operations Manager Configuration Manager Data Protection Manager Virtual Machine Manager App Controller Orchestrator Active Directory.
About me About this session Agenda Computer User.

About me About this session Agenda Computer User.
AI-B301 Topics A quick note: There is a lot of information in this session, too much in fact! Slides are heavy and designed for you to review. We’ll.

AI-B301 Topics A quick note: There is a lot of information in this session, too much in fact! Slides are heavy and designed for you to review. We’ll.

Similar presentations

Ads by Google