- How and Why to Store MBAM Data to the SCCM Data Warehouse
- Deploy BitLocker management
- Plan for BitLocker management
- Microsoft Announces Enhanced Enterprise BitLocker Management
- What's new in version 1906 of Configuration Manager current branch
How and Why to Store MBAM Data to the SCCM Data WarehouseUpdate for Configuration Manager current branch is available as an in-console update. Apply this update on sites that run version or later. This article summarizes the changes and new features in Configuration Manager, version Always review the latest checklist for installing this update. For more information, see Checklist for installing update After you update a site, also review the Post-update checklist. To take full advantage of new Configuration Manager features, after you update the site, also update clients to the latest version. While new functionality appears in the Configuration Manager console when you update the site and console, the complete scenario isn't functional until the client version is also the latest. Because of weaknesses in the SHA-1 algorithm and to align to industry standards, Microsoft now only signs Configuration Manager binaries using the more secure SHA-2 algorithm. For more information, see Prerequisites for Windows clients. Site server maintenance tasks can now be viewed and edited from their own tab on the details view of a site server. The new Maintenance Tasks tab gives you information such as:. For more information, see Maintenance tasks. When applying a Configuration Manager update, you can now see the state of the Upgrade ConfigMgr database task in the installation status window. If the database upgrade is blocked, then you'll be given the warning, In progress, needs attention. When the database upgrade is no longer blocked, the status will be reset to In progress or Complete. For more information, see Install in-console updates. Management insights includes a new rule that detects if you enabled the less secure NTLM authentication fallback method for the site: NTLM fallback is enabled. For more information, see Management insights. Add a new synchronous replica from setup: You can now add a new secondary replica node to an existing SQL Always On availability group.
Deploy BitLocker management
Plan for BitLocker management
As detailed Microsoft detailed today, the new alternatives added to Bitlocker management for corporate environments further boost the robustness required to properly manage enterprise endpoints. Redmond announced that "MBAM will end mainstream support on July 9, and will enter extended support until July 9, ," with the new BitLocker management capabilities not to be included in the latest released MBAM version. Not a member yet? Register Now. To receive periodic updates and news from BleepingComputerplease use the form below. Learn more about what is not allowed to be posted. May 8, AM 0. BitLocker management lifecycle. Microsoft Intune Endpoint Protection portal. Sergiu Gatlan Sergiu Gatlan is a reporter who covered cybersecurity, technology, Apple, Google, and a few other topics at Softpedia for more than a decade. Email or Twitter DMs for tips. Previous Article Next Article. You may also like:. Popular Stories. Newsletter Sign Up To receive periodic updates and news from BleepingComputerplease use the form below. Login Username. Remember Me. Sign in anonymously. Sign in with Twitter Not a member yet? Reporter Help us understand the problem. What is going on with this comment? Spam Abusive or Harmful Inappropriate content Strong language Other Learn more about what is not allowed to be posted.
Microsoft Announces Enhanced Enterprise BitLocker Management
The ideal for BitLocker management is to eliminate the need for IT admins to set management policies using tools or other mechanisms by having Windows perform tasks that are more practical to automate. This vision leverages modern hardware developments. The growth of TPM 2. Windows continues to be the focus for new features and improvements for built-in encryption management, such as automatically enabling encryption on devices that support Modern Standby beginning with Windows 8. Though much Windows BitLocker documentation has been published, customers frequently ask for recommendations and pointers to specific, task-oriented documentation that is both easy to digest and focused on how to deploy and manage BitLocker. This article links to relevant documentation, products, and services to help answer this and other related frequently-asked questions, and also provides BitLocker recommendations for different types of computers. This can help ensure that computers are encrypted from the start, even before users receive them. Enterprises can use Microsoft BitLocker Administration and Monitoring MBAM to manage client computers with BitLocker that are domain-joined on-premises until mainstream support ends in July or they can receive extended support until April Thus, over the next few years, a good strategy for enterprises will be to plan and move to cloud-based management for BitLocker. Without Windows 10, versiononly local administrators can enable BitLocker via Intune policy. Starting with Windows 10, versionIntune can enable BitLocker for standard users. The BitLocker CSP adds policy options that go beyond ensuring that encryption has occurred, and is available on computers that run Windows 10 and on Windows phones. Azure AD provides a portal where recovery keys are also backed up, so users can retrieve their own recovery key for self-service, if required. Servers are often installed, configured, and deployed using PowerShell, so the recommendation is to also use PowerShell to enable BitLocker on a serverideally as part of the initial setup. The steps to add shell components to Server Core are described in Using Features on Demand with Updated Systems and Patched Images and How to update local source media to add roles and features. If you are installing a server manually, such as a stand-alone server, then choosing Server with Desktop Experience is the easiest path because you can avoid performing the steps to add a GUI to Server Core. BitLocker Network Unlock brings together the best of hardware protection, location dependence, and automatic unlock, while in the trusted location. For Azure AD-joined computers, including virtual machines, the recovery password should be stored in Azure Active Directory. BitLocker Group Policy Reference. Microsoft Intune Overview. BitLocker CSP. Windows Server Installation Options.