Full Drive Encryption – BitLocker and MBAM

I thought I would take a moment to create a quick post on Full Drive Encryption; specifically, Microsoft’s BitLocker for Full Drive Encryption.  Over the last 12 months, I have worked with many customers that have either implemented a Full Drive Encryption solution and haven’t been happy with it or are in the process of implementing Microsoft BitLocker for their Windows 7 or Windows 8 devices.

I can write more about BitLocker, MBAM, and MDOP later; however, I want to write a quick overview to let you know that there has been a deployment reference document created that may be of use to you (see Reference Architecture below).

What is BitLocker?

BitLocker is a data protection feature available in Windows Server 2008 R2 (or newer), Windows 7 Enterprise, and Windows 8.  It is integrated with the operating system to address threats of data theft or exposure from lost, stolen, or decommissioned computers.  In a nutshell, it is Microsoft’s Full Drive Encryption solution for computers and tablets.  You can read more about it in the TechNet article “BitLocker Drive Encryption Overview”.

Microsoft BitLocker Administration and Monitoring

Over the last several years, many customers implemented BitLocker with their Windows 7 roll-outs but felt there needed to be “more” when it came to enterprise management of the BitLocker solution.  They were looking for a Help Desk or Self Service option in the event a recovery key was required, they wanted something that could implement a single-use recovery key, and they wanted better reporting capabilities.

To answer these customer requests, Microsoft introduced the Microsoft BitLocker Administration and Monitoring (MBAM) solution.  MBAM is one of 6 product solutions included in the Microsoft Desktop Optimization Pack (MDOP), which also includes solutions like Application Virtualization, User Experience Virtualization, and Diagnostics and Recovery Toolset, among others.  You can learn more about MDOP at the MDOP landing page.

Reference Architecture

The following reference document describes Microsoft’s own implementation of BitLocker and MBAM within the global organization.  You can download this 9-page document from here.

If you are looking for a large-scale implementation reference, see if these stats meet your standards:

The global IT infrastructure at Microsoft covers a large technology and user scope:

  • More than 190,000 users in 170 countries
  • 568 physical building locations
  • 47 percent of Microsoft users connect remotely
  • 300,000 client computers
