TPM Owner Password

Hello everyone. It’s Rafal Sosnowski from Microsoft Dubai Security PFE Team. Today we will focus on the TPM Owner Password, a quite misunderstood secret that is usually linked to BitLocker. TPM (Trusted Platform Module) is a small chip on the motherboard (discrete TPM) or part of the CPU implementation (firmware TPM) where we can store…


Impersonation Level for MBAM

Hello everyone. It’s Rafal Sosnowski from Microsoft Dubai Security PFE Team. Today, I am going to solve one of the rare errors that can occur while implementing MBAM infrastructure. My customer had a problem while accessing both MBAM websites: the helpdesk portal and the self-service portal. Opening either of them resulted in displaying only a text version of…


TPM Lockout

Hello everyone. It’s Rafal Sosnowski from Microsoft Dubai Security PFE Team. Today, I am going to talk about the TPM Lockout state. TPM (Trusted Platform Module) is a small chip on the motherboard (discrete TPM) or part of the CPU implementation (firmware TPM) which can be used to securely store a small amount of information (certificates, private…


MBAM version chart

Hello. It’s Rafal Sosnowski from Microsoft Dubai Security PFE Team. Some time ago I put together all versions of the MBAM (Microsoft BitLocker Administration and Monitoring) tool into one table. Small disclaimer: it is based on what I have seen in the wild and is not official information from the Product Group. Version Product 1.0.1237.1 MBAM…


BitLocker: Network Unlock

Hello everyone. It’s Rafal Sosnowski from Microsoft Dubai Security PFE Team. Recently my customers have asked me to explain BitLocker Network Unlock. So here you go. Network Unlock is a relatively new BitLocker protector (added in Windows 8) that can be used to unlock computers after a reboot without the need to enter BitLocker…


Diving into Secure Boot

Hello. It’s Rafal Sosnowski from Microsoft Dubai Security PFE Team. Today we will dive into Secure Boot technology. Secure Boot is a feature of UEFI (Unified Extensible Firmware Interface) that ensures that each component loaded during the boot process is digitally signed and validated. Secure Boot makes sure that your PC boots using only software…


BitLocker: AES-XTS (new encryption type)

Hello. It’s Rafal Sosnowski from Microsoft Dubai Security PFE Team. Today I want to talk about the new BitLocker algorithm introduced in Windows 10 (build 1511). BitLocker uses AES (Advanced Encryption Standard) to encrypt data on the drives. AES is a block cipher (as opposed to a stream cipher) which divides plain text into blocks with the…


MBAM Database configuration – minimum permissions

Hello. It’s Rafal Sosnowski from Microsoft Dubai Security PFE Team. For some of my customers it is unclear what minimum permissions are required to install MBAM Database components. Some time ago I did some analysis of this and want to share my findings with you. Microsoft BitLocker Administration and Monitoring (MBAM) provides enterprise management…
