Use MBAM 2.0 to ensure that Windows BitLocker encryption conforms to compliance

Let's see what role Mbam plays in managing encryption across multiple systems. After you understand the basic components of Windows BitLocker and Mbam 2.0, you can deploy to perform desktop security policies.

Deploy MBAM 2.0

Before installing MBAM, you should have some plans. First, you need to decide whether to perform a stand-alone installation or use the Configuration Manager to install it. The advantage of using the Configuration Manager installation is that you can install MBAM in an already deployed infrastructure.

In addition, the Configuration Manager can allow or disallow a particular type of hardware. In other words, if you run the Configuration Manager just to install MBAM, you might as well perform a standalone installation.

Regardless of the type of installation you decide to use, you can install BitLocker on a client computer as part of a Windows system, or configure BitLocker after you install Windows. You can also choose from a variety of options, such as the type of drive, or whether you want to use the recovery key more than once.

For Windows 8 PCs, you can also take advantage of its new security features, such as choosing to encrypt only space, which reduces the time required for BitLocker encryption.

Before installing MBAM, make sure that your corporate network contains the necessary components that support MBAM installations, including Active Directory domains, IIS, SQL Server, and other hardware and software requirements.

The entire MBAM installation process has many dependencies and can be a time-consuming process. If not executed correctly, it can also be dangerous. Be sure to read the MBAM Administrator's Guide carefully before starting the installation.

In addition to installing MBAM, you must configure Group Policy settings to define how BitLocker should be executed on the client computer. You can configure both the operating system driver and the fixed data-driven options. However, you can only use policy templates to configure these options. MBAM does not use the default BitLocker policy, which can occur with a setting conflict.

Management MBAM 2.0

After you have set up the MBAM and configured the Group Policy settings, you can manage the system. The Help Desk portal is the primary management tool that can run you to perform a number of administrative tasks. For example, you can use its drive recovery function to access an encrypted drive, provided that BitLocker is in a restored state. And you can take the necessary steps to restore the drive. You can also use the Help Desk portal to recover removed or damaged drives.

Help Desk Portal Another practical feature is the ability to generate reports to monitor usage and compliance. The information in the report is based on data that MBAM collects from the Active Directory and Windows clients.

You can create three different kinds of reports. The Corporate Compliance report contains information about BitLocker compliance in the Organization as a whole. Computer compliance reports are specific to a user or computer that contains details of each encrypted drive on the computer, such as policy password strength and compliance status. The Recovery audit report displays information about the user requesting access to the recovery key, including the date and time of each request, and the reason for the request.

In addition to help Desk Portal,mbam provides a self-service portal that provides services for end users to retrieve their own recovery keys. If BitLocker users forget their passwords or pins, or if they modify the operating system files, BIOS, or Trusted platform modules, they can seek help from here.

The user only needs to enter the first eight bits of the recovery key ID to retrieve the recovery key. The self-service portal will return the actual 48-bit recovery key, and the user will then enter the BitLocker recovery screen.

Using MBAM 2.0

In addition to the above mentioned, Mbam also contains many other features. For example, if an administrator pauses a BitLocker drive, Mbam can restart the drive when the computer restarts.

In addition, MBAM periodically checks the policy control of the Windows BitLocker drive to restore the improper drive to an appropriate state. In addition, a user can set a device to a compliance state without the help of an administrator.

Obviously, Mbam offers a lot of help. If you want BitLocker to protect your corporate desktop, you should also take mbam into account.