Microsoft BitLocker Administration and Monitoring (MBAM) 2.5 provides a simplified administrative interface that you can use to manage BitLocker Drive Encryption. You can configure MBAM Group Policy Templates that enable you to set BitLocker Drive Encryption policy options that are appropriate for your unit, and then use them to monitor client compliance with those policies. You can also report on the encryption status of an individual computer and on the unit as a whole. In addition, you can access recovery key information when users forget their PIN or password or when their BIOS or boot record changes.
MBAM 2.5 has the following features:
- Enables administrators to automate the process of encrypting volumes on client computers across the enterprise
- Enables security officers to quickly determine the compliance state of individual computers or even of the enterprise itself
- Reduces the workload on the Help Desk to assist end users with BitLocker PIN and recovery key requests
- Enables end users to recover encrypted devices independently by using the Self-Service Portal
- Enables security officers to easily audit access to recover key information
- Empowers Windows Enterprise users to continue working anywhere with the assurance that their corporate data is protected
MBAM enforces the BitLocker encryption policy options that you set for your enterprise, monitors the compliance of client computers with those policies, and reports on the encryption status of the enterprise’s and individual’s computers. In addition, MBAM lets you access the recovery key information when users forget their PIN or password, or when their BIOS or boot records change.
- Windows 7 Enterprise, Windows 8.1 Pro, Windows 8.1, or Windows 10 (Pro and Enterprise)
- Two partitions
- Trusted Platform Module (TPM) – (Not required for Windows 8.1 or 10 provided a PIN is set)
A TPM is a special chip that runs an authentication check on your hardware, software, and firmware. If the TPM detects an unauthorized change your PC will boot in a restricted mode to deter potential attackers.
NOTE: To determine if you have a TPM enabled, check the device manager and look for a Security Devices section. If you don’t see one listed, there might still be one on your system, but it might be disabled and need to be enabled in you computers BIOS.
NOTE: Please note that TPM 2.0 requires UEFI Secure Boot in order for BitLocker to work properly.
Service Level Agreement
|Service Request Fulfillment Time||2-4 business days depending on the complexity of the request|
|Incident Resolution Time||3–5 business days depending on the complexity of the incident|
|Maintenance Window(s)||Approved ACCC maintenance window(s)|
|Service Notification Channel(s)||ACCC Service Notices, REACH distribution email list|
|Reviewed to Ensure SLA Meets Business Requirements||Provisional SLA - Currently under IT Governance review|
|Date Reviewed||Provisional SLA - Currently under IT Governance review|
|Service Owner: Ed Zawacki|