- BitLocker Management for Enterprises
- Microsoft Announces Enhanced Enterprise BitLocker Management
- How and Why to Store MBAM Data to the SCCM Data Warehouse
- Deploy BitLocker management
- Plan for BitLocker management
BitLocker Management for Enterprises
The Technical Preview has introduced improvements to BitLocker management including integrated reports, a helpdesk portal for administration and monitoring, and a self-service portal for users. As discussed in this whitepaper published by Microsoft, as a best practice your organization should have an intentional stance around the longevity and guardianship of BitLocker recovery keys that will outlast the present administration. Again, quoting the same white paper:
As a legally bound entity, your organization is subject to data retention policies for the kinds of data you collect, generate and store. For the data you know about, you legally comply with the requirements around it. Your ability to show or accomplish future compliance on past data depends on your policy now around your generations of recovery keys. Your organization must consider the implications that data, once thought lost or destroyed, may reappear long after the fact. MBAM did provide the requirements listed above because MBAM never purges data from its database; however, storing your compliance and recovery keys in the SCCM database alone cannot meet this requirement unless you store backups indefinitely.
Deploy BitLocker management
Configuration Manager doesn't enable this optional feature by default. You must enable this feature before using it. For more information, see Enable optional features from updates. For more information, see BitLocker overview.
To manage encryption on co-managed Windows 10 devices using the Microsoft Endpoint Manager cloud service, switch the Endpoint Protection workload to Intune. For more information on using Intune, see Windows Encryption.
Configuration Manager provides the following management capabilities for BitLocker Drive Encryption:
- For example: choose drive encryption and cipher strength, configure user exemption policy, fixed data drive encryption settings. Determine the algorithms with which to encrypt the device, and the disks that you target for encryption. When a user unlocks the OS drive, specify whether to unlock only an OS drive or all attached drives.
- Allow other personas in your organization outside of the Configuration Manager console to help with key recovery, including key rotation and other BitLocker-related support. For example, help desk administrators can help users with key recovery.
- Let users help themselves with a single-use key for unlocking a BitLocker encrypted device. Once this key is used, it generates a new key for the device.
There are two options:
- This option only applies to Configuration Manager version
- This option applies to Configuration Manager versions or
For more information, see Encrypt recovery data.
To use the BitLocker management reports, install the reporting services point site system role. For more information, see Configure reporting. For the Recovery Audit Report to work from the administration and monitoring website, only use a reporting services point at the primary site.
To use the self-service portal or the administration and monitoring website, you need a Windows server running IIS. You can reuse a Configuration Manager site system, or use a standalone web server that has connectivity to the site database server. Use a supported OS version for site system servers. Only install the self-service portal and the administration and monitoring website with a primary site database. In a hierarchy, install these websites for each primary site. On the web server that will host the self-service portal, install Microsoft ASP.
The user account that runs the portal installer script needs SQL sysadmin rights on the site database server. During the setup process, the script sets login, user, and SQL role rights for the web server machine account. You can remove this user account from the sysadmin role after you complete setup of the self-service portal and the administration and monitoring website.
By default, the Enable BitLocker task sequence step only encrypts used space on the drive.