Posted by: kurtsh | April 10, 2013

RELEASE: Bitlocker Administration & Management 2.0 (MBAM2)

This is just announced at MMS 2013… & wicked cool.  MBAM can now support hardware-level encryption for SSDs & take ownership of a remote laptop’s TPM chip without a reboot.  Mind. Blown.

imageToday’s an exciting day for us here at the annual Microsoft Management Summit (MMS) in Las Vegas, as we just announced the general availability of the Microsoft Desktop Optimization Pack (MDOP) 2013 for Software Assurance, which includes a major update to Microsoft BitLocker Administration and Monitoring (MBAM) as well as a series of Service Pack updates for APP-V, UE-V, DART, and AGPM. As mentioned in our announcement on the Windows For Your Business blog the big star in the MDOP 2013 release is MBAM 2.0 which is designed to help you make significant costs reductions when it comes to provisioning, managing and supported encrypted devices (running Windows 7, Windows 8, and Windows To Go) within your environment.

For those of you that have been following our previous MBAM posts here on Springboard or have participated in the MBAM 2.0 beta program,  you’re likely already familiar with the feature set and I’d wager that you’re eager to learn more about how to deploy the final build within your environment. For those of you new to MBAM 2.0, or for anyone who may need a quick refresh, I’d like to quickly point out the key features that you will find in this release:

  • Self-Service Portal: The Self-Service Portal helps end users perform the most common support tasks without need of help desk assistance.
  • System Center Configuration Manager Integration: Integration with System Center Configuration Manager (SCCM) 2007 and 2012 enables organizations to integrate MBAM’s compliance management and reporting capabilities within your existing SCCM infrastructure.
  • Windows 8 Support: Support for managing Bitlocker on Windows 8 and Windows to Go devices has been included along with the ability to take advantage of new WinPE capabilities that will dramatically reduce encryption times.
  • Compliance reporting calculation improvements: Reporting has been updated so that devices are only marked as non-compliant when they’re in a state that is less secure than the minimum requirements defined in policy. This differs from MBAM 1.0 where compliance was based on strict adherence to policy and resulted in devices appearing non-complaint even when they were in a more secure configuration than policy required.

Each of these features were present in the MBAM 2.0 Beta 2 release and have since been improved, however, please note that a number of all new features have been added to the final release which include:

  • Support for managing Windows to Go devices
  • BitLocker pre-provisioning with WinPE including the use of Used Disk Space Only Encryption on Windows 8 devices
  • Windows 8 Operating System Drives can now be protected with the Password protector
  • Improved scalability and performance will enable you to deploy MBAM with less infrastructure
  • Devices left in “protection suspended” mode will automatically resume protection after reboot
  • MBAM can take ownership of the TPM without requiring a reboot (if TPM turned on in BIOS)

Read the rest of this VERY LONG post on the Windows Springboard blog:

Posted in Uncategorized

«
»

Categories