What you should know about Microsoft's new BitLocker Management

Microsoft BitLocker Administration and Management (MBAM) 2.0 improves on its predecessor to make it simpler to encrypt and protect data.

Encryption can be a bit of a double-edged sword for organizations. It is an effective and essential tool for protecting sensitive data, but it often comes with a healthy side of user confusion and help desk calls. Microsoft hopes to simplify the process of implementing and managing BitLocker data encryption with the launch of Microsoft BitLocker Administration and Management (MBAM) 2.0 Beta 2.

A Windows for Your Business blog post announcing MBAM 2.0 Beta 2 points out that many states have data breach legislation in place, and that the penalties associated with failing to protect data can get quite costly. "I think this proves that the rules and stakes for data security are rapidly changing and there couldn't be a more important time to ensure your understanding of data breach laws, and protect your corporate and customer data from the ramifications of a potential breach."

BitLocker encryption has been around in some form or another since the launch of Windows Vista. It is an effective means of protecting data, but can be a major headache to manage--especially for small and medium businesses that generally have fewer dedicated IT resources.

MBAM 2.0 is part of the Microsoft Desktop Optimization Pack. The new version builds on MBAM 1.0 in an effort to streamline provisioning of BitLocker encryption, reduce support calls and costs, simplify management, and improve compliance reporting.

Simplified Provisioning

BitLocker encryption relies on a TPM (Trusted Platform Module) chip on the PC being encrypted. It's possible to change BitLocker policies to work without a TPM, but BitLocker expects to find a TPM by default.

When users encrypt their own devices, the process can be confusing or intimidating. The process requires system reboots, and the user may be confronted with an ominous-sounding message forcing them to either call the help desk or cancel out of the encryption process.

Windows 8 is able to work more closely with the TPM. Organizations with MBAM 2.0 and Windows 8 PCs can allow users to encrypt their own devices without the fuss and complexity of dealing with the TPM.

Self-Service Portal

MBAM 1.0 included a Recovery Portal that the help desk could use for PIN resets and BitLocker recovery issues, but it still required that the user call the help desk for assistance. MBAM 2.0 provides users with a Self Service Portal.

There are still issues that may arise where users will need to escalate to the help desk for support, but the MBAM 2.0 Self Service Portal should minimize support calls and reduce support costs. Users can easily acquire a BitLocker Recovery Key or reset a forgotten BitLocker PIN.

System Center Integration

IT admins generally have a lot on their proverbial plate. Anything that can be done to streamline monitoring and management of IT resources makes IT admins' lives easier, and frees them up to focus on more crucial matters. For organizations that use Microsoft System Center Configuration Manager, MBAM 2.0 does just that.

MBAM 1.0 was a standalone tool that added one more thing for IT admins to monitor. MBAM 2.0 integrates with Microsoft System Center Configuration Manager 2007 or 2012 to enable organizations to manage BitLocker using the console they're already using to monitor and maintain the rest of the infrastructure.

Monitor Compliance

One advantage of integrating MBAM 2.0 with System Center Configuration Manager is that BitLocker encryption compliance reports can be generated and viewed through the Configuration Manager console.

Microsoft also made some subtle changes in how compliance is reported with MBAM 2.0. MBAM 1.0 reported any difference in configuration as non-compliant, but MBAM 2.0 recognizes when a device has security that exceeds the policy requirements and does not flag it. MBAM 2.0 also streamlines how data is presented in compliance reports to make it easier to distill relevant information.
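The difference between the two reporting behaviors can be modelled in a short PowerShell script. This is an added example, not MBAM code or anything published by Microsoft: the function names, the strength rankings and the sample volumes are assumptions, with the volumes constructed to resemble Get-BitLockerVolume output.

```powershell
# Added illustration, not MBAM code. The strength rankings are assumptions.
$CipherRank    = @{ None = 0; Aes128 = 1; Aes256 = 2 }
$ProtectorRank = @{ None = 0; Tpm = 1; TpmPin = 2 }

function Get-StrongestProtector($Volume) {
    # Highest-ranked protector type present; unranked types (e.g. RecoveryPassword) are ignored.
    $ranked = @($Volume.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType } |
                Where-Object { $ProtectorRank.ContainsKey($_) } |
                Sort-Object { $ProtectorRank[$_] } -Descending)
    if ($ranked.Count) { $ranked[0] } else { 'None' }
}
function Test-BitLockerCompliance {
    param($Volume, [hashtable]$Policy, [switch]$ExactMatch)
    $cipher    = [string]$Volume.EncryptionMethod
    $protector = Get-StrongestProtector $Volume
    $protected = ([string]$Volume.VolumeStatus -eq 'FullyEncrypted') -and
                 ([string]$Volume.ProtectionStatus -eq 'On')
    # Fail closed: unprotected volumes and ciphers missing from the ranking never pass.
    if (-not $protected -or -not $CipherRank.ContainsKey($cipher)) { return $false }
    if ($ExactMatch) {
        # Any difference from policy is a finding, even a stronger setting.
        return (($cipher -eq $Policy.Cipher) -and ($protector -eq $Policy.Protector))
    }
    # Policy is a floor: equal or stronger settings pass.
    return (($CipherRank[$cipher] -ge $CipherRank[$Policy.Cipher]) -and
            ($ProtectorRank[$protector] -ge $ProtectorRank[$Policy.Protector]))
}
function New-SampleVolume($Name, $Status, $Cipher, [string[]]$Protectors) {
    # Constructed test data shaped like Get-BitLockerVolume output.
    [pscustomobject]@{
        ComputerName = $Name; VolumeStatus = $Status; EncryptionMethod = $Cipher
        ProtectionStatus = $(if ($Status -eq 'FullyEncrypted') { 'On' } else { 'Off' })
        KeyProtector = @($Protectors | ForEach-Object { [pscustomobject]@{ KeyProtectorType = $_ } })
    }
}

$policy  = @{ Cipher = 'Aes128'; Protector = 'Tpm' }   # assumed minimum policy
$volumes = @(
    (New-SampleVolume 'PC-01' 'FullyEncrypted' 'Aes128' 'Tpm', 'RecoveryPassword')
    (New-SampleVolume 'PC-02' 'FullyEncrypted' 'Aes256' 'TpmPin', 'RecoveryPassword')
    (New-SampleVolume 'PC-03' 'FullyDecrypted' 'None'   @())
)
foreach ($v in $volumes) {
    [pscustomobject]@{
        Computer       = $v.ComputerName
        ExactMatch     = (Test-BitLockerCompliance $v $policy -ExactMatch)
        MeetsOrExceeds = (Test-BitLockerCompliance $v $policy)
    }
}
```

PC-02, which uses a stronger cipher and a PIN on top of the TPM, is the case that separates the two modes: it fails the exact-match check and passes the meets-or-exceeds check. Encryption methods that are not in the ranking table fail closed until they are added to it.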

Data breaches are costly, and it's crucial for organizations to use disk encryption to protect sensitive information--especially on mobile PCs. MBAM 2.0 makes it easier for organizations to implement and manage BitLocker to ensure data is secure.

You can download MBAM 2.0 Beta 2 now and test it out.
