I thought I would take a moment to create a quick post on Full Drive Encryption; specifically, Microsoft’s BitLocker for Full Drive Encryption. Over the last 12 months, I have worked with many customers that have either implemented a Full Drive Encryption solution and haven’t been happy with it or are in the process of implementing Microsoft BitLocker for their Windows 7 or Windows 8 devices.
I can write more about BitLocker, MBAM, and MDOP later; however, I want to write a quick overview to let you know that there has been a deployment reference document created that may be of use to you (see Reference Architecture below).
What is BitLocker?
BitLocker is a data protection feature available in Windows Server 2008 R2 (or newer), Windows 7 Enterprise, and Windows 8. It is integrated with the operating system to address threats of data theft or exposure from lost, stolen, or decommissioned computers. In a nutshell, it is Microsoft’s offering for anyone looking for a Full Drive Encryption solution for their computers or tablets. You can read more about it in the TechNet article – BitLocker Drive Encryption Overview.
Microsoft BitLocker Administration and Monitoring
For the last several years, many customers have been implementing BitLocker with their Windows 7 roll-outs but felt there needed to be “more” when it came to enterprise management of the BitLocker solution. They were looking for a Help Desk or Self Service option in the event a recovery key was required, they wanted something that could implement a single-use recovery key, and they wanted better reporting capabilities.
To answer these customer requests, Microsoft introduced the Microsoft BitLocker Administration and Monitoring (MBAM) solution. MBAM is one of 6 product solutions included in the Microsoft Desktop Optimization Pack (MDOP), which also includes solutions like Application Virtualization, User Experience Virtualization, and the Diagnostics and Recovery Toolset, among others. You can learn more about MDOP at the MDOP landing page.
The following reference document describes Microsoft’s implementation of BitLocker and MBAM within the global organization. You can download this 9-page document from here.
If you are looking for a large-scale implementation reference, see if these stats meet your standards:
The global IT infrastructure at Microsoft covers a large technology and user scope:
- More than 190,000 users in 170 countries
- 568 physical building locations
- 47 percent of Microsoft users connect remotely
- 300,000 client computers