Tag Archives: MDOP

Full Drive Encryption–BitLocker and MBAM

I thought I would take a moment to create a quick post on Full Drive Encryption; specifically, Microsoft’s BitLocker for Full Drive Encryption.  Over the last 12 months, I have worked with many customers that have either implemented a Full Drive Encryption solution and haven’t been happy with it or are in the process of implementing Microsoft BitLocker for their Windows 7 or Windows 8 devices.

I can write more about BitLocker, MBAM, and MDOP later; however, I want to write a quick overview to let you know that there has been a deployment reference document created that may be of use to you (see Reference Architecture below).

What is BitLocker?

BitLocker is a data protection feature available in Windows Server 2008 R2 (or newer), Windows 7 Enterprise, and Windows 8.  It is integrated with the operating system to address threats of data theft or exposure from lost, stolen, or decommissioned computers.  In a nutshell, it is Microsoft’s implementation for anyone looking at a Full Drive Encryption solution for their computers or tablets.  You can read more about it from the TechNet article – BitLocker Drive Encryption Overview.

Microsoft BitLocker Administration and Monitoring

For the last several years, many customers were implementing BitLocker with their Windows 7 roll-outs but felt there needed to be “more” when it came to enterprise management of the BitLocker solution.  They were looking for a Help Desk or Self Service option in the event a recovery key was required, they wanted something that could implement a single use recovery key, and they wanted better reporting capabilities.

To answer these customer requests, Microsoft introduced the Microsoft BitLocker Administration and Monitoring (MBAM) solution.  MBAM is one of 6 product solutions included in the Microsoft Desktop Optimization Pack (MDOP) – which also includes solutions like Application Virtualization, User Experience Virtualization, Diagnostics and Recovery Toolset among others.  You can learn more about MDOP at the MDOP landing page.

Reference Architecture

The following reference document is Microsoft’s implementation of BitLocker and MBAM within the global organization.  You can download this 9 page document from here.

If you are looking for a large-scale implementation reference, see if these stats meet your standards:

The global IT infrastructure at Microsoft covers a large technology and user scope:

  • More than 190,000 users in 170 countries
  • 568 physical building locations
  • 47 percent of Microsoft users connect remotely
  • 300,000 client computers

Leave a comment

Filed under Core Infrastructure

Microsoft Desktop Optimization Pack 2013 HAS BEEN RELEASED

imageMinutes ago, Microsoft has made available the updated version of the Microsoft Desktop Optimization Pack.  There was an update last November that included updates to Application Virtualization (to App-V 5.0) and the introduction of User Experience Virtualization (UE-V 1.0).

Since November, there has been a lot of work on the next version of MDOP.  Read all about the announcement by Chris Hallum on the Windows Blog.

The biggest update is the availability of the Microsoft BitLocker Administration and Monitoring (MBAM) 2.0.  In a nutshell, this update provides four key improvements:

  1. A Self Service Portal
  2. Integration into System Center Configuration Manager 2007 and 2012
  3. Compliance reporting calculation improvements
  4. Simplified Provisioning

Additionally, all of these products moved to Service Pack 1:  Advance Group Policy and Management, Diagnostics and Recovery Toolset, Application Virtualization, and User Experience Virtualization.

If you are a Volume Licensing customer, you can download today.

Leave a comment

Filed under All, Core Infrastructure