Microsoft IT deployed Microsoft BitLocker Administration and Monitoring (MBAM), which builds on BitLocker in Windows 7. MBAM offers an enterprise solution for BitLocker provisioning, monitoring, and key recovery. MBAM also helps to simplify BitLocker provisioning and deployments, improve compliance and reporting, and reduce support costs.

Microsoft BitLocker Administration and Monitoring (MBAM) is part of the Microsoft Desktop Optimization Pack (MDOP), a suite of technologies available as a subscription for Microsoft Software Assurance customers.

MBAM is designed to simplify BitLocker provisioning, key recovery, and compliance and audit reporting. It does this by providing a simple administrative interface to BitLocker Drive Encryption (BDE), which in turn enables administrators to configure BitLocker encryption policies that meet the requirements of their organization. MBAM provides the ability to monitor compliance with established BitLocker policies, and to access recovery key information when the user forgets their personal identification number (PIN) or password, or when a system configuration change affecting BitLocker prevents the user from using their computer.


When Microsoft IT began to install Windows Vista® in their client computer environment in late 2006 and early 2007, part of that implementation included the new BitLocker Drive Encryption technology. BitLocker technology required a level of integration with the Trusted Platform Module (TPM) that was not built into many hardware platforms used within Microsoft. TPM is an important part of an effective enterprise BitLocker implementation, as it is the preferred mechanism for securing BitLocker encryption keys.

Because of the early implementation and the deployment scenario, BitLocker-enabled clients required a certain amount of intervention and assistance from Microsoft IT support staff. Microsoft IT quickly discovered that managing multiple implementations of BitLocker in an enterprise environment required significant troubleshooting and administrative resources. Microsoft IT had a limited set of tools to accomplish tasks such as implementing the encryption process, obtaining recovery keys, and ensuring compliance of BitLocker-encrypted systems. These tools did not fulfill the Microsoft IT enterprise requirements. The result was that BitLocker administration was manual, tedious, and costly.

