Managing Bitlocker With Microsoft Desktop Optimization Pack (MDOP) For Software Assurance’s (SA) Microsoft Bitlocker Administration And Monitoring (MBAM)

Olav Tvedt
Consigliere
EDB Ergogroup
MVP Setup & Deployment

Blog: olavtvedt.blogspot.com
Twitter: @olavtwitt
OR

MBWMDOPFSAMBAAM




OTCEEGMS&D
Among friends just called...



Managing Bitlocker With MBAM



AGENDA
•   What Is Bitlocker
•   Why Use Disk Encryption
•   Bitlocker News In Windows 8
•   Bitlocker Without MBAM
•   Bitlocker With MBAM
What Is Bitlocker
• Encrypts
  • Operating System Drive
  • Fixed Data Drive
  • Removable Data Drive
• Checks After Changes
  • Bios
  • System/Startup Files
Why Use Disk Encryption?
Category             Name                         Model                    Office       Date
Computer equipment   Computer                     Macbook                  ARLANDA      23.Dec.2011
Computer equipment   Computer                     Apple                    ARLANDA      23.Dec.2011
Computer equipment   Computer                     Lenovo                   ARLANDA      23.Dec.2011
Computer equipment   Computer                     Dell E6400               ARLANDA      25.Dec.2011
Computer equipment   Computer                     Ipad                     ARLANDA      26.Dec.2011
Computer equipment   Computer                     Lenovo ThinkPad          GARDERMOEN   23.Dec.2011
Computer equipment   Computer                     Acer                     GARDERMOEN   23.Dec.2011
Computer equipment   Computer                     emachines                GARDERMOEN   24.Dec.2011
Computer equipment   Computer                     Apple                    GARDERMOEN   25.Dec.2011
Computer equipment   Computer                     Dell Adamo XPS Laptop    HEATHROW     23.Dec.2011
Computer equipment   Computer                     Dell Latitude E6410      HEATHROW     23.Dec.2011
Computer equipment   Computer                     iPad2                    HEATHROW     23.Dec.2011
Computer equipment   Computer                     Dell                     HEATHROW     23.Dec.2011
Computer equipment   Computer                     HP laptop                HEATHROW     23.Dec.2011
Computer equipment   Computer                     Sony vaio                HEATHROW     24.Dec.2011
Computer equipment   Computer                     Sony vaio                HEATHROW     24.Dec.2011
Computer equipment   Computer                     MacBook Air              HEATHROW     24.Dec.2011
Computer equipment   Computer                     Apple MacBook Pro        HEATHROW     24.Dec.2011
Computer equipment   Computer                     HP                       HEATHROW     24.Dec.2011
Computer equipment   Computer                     Acer                     HEATHROW     26.Dec.2011
Computer equipment   Computer                     Apple MacBook Air        HEATHROW     26.Dec.2011
Computer equipment   Computer equipment/Various   iPad                     HEATHROW     23.Dec.2011
Computer equipment   Computer equipment/Various   Lenovo T400              HEATHROW     23.Dec.2011
Computer equipment   Computer equipment/Various   iPad                     HEATHROW     24.Dec.2011
Computer equipment   Computer equipment/Various   iPad                     HEATHROW     24.Dec.2011
Computer equipment   Computer equipment/Various   Logitech                 HEATHROW     24.Dec.2011
Computer equipment   Computer equipment/Various   Padini                   HEATHROW     24.Dec.2011
Computer equipment   Computer equipment/Various   HP Compaq 2510p          HEATHROW     24.Dec.2011
Computer equipment   Computer equipment/Various   Macbook pro              HEATHROW     24.Dec.2011
Computer equipment   Computer equipment/Various   Sony                     HEATHROW     24.Dec.2011
Computer equipment   Computer equipment/Various   Amazon Kindle            HEATHROW     26.Dec.2011
Computer equipment   Computer equipment/Various   Eee PC 1000H             HEATHROW     26.Dec.2011
Computer equipment   Computer equipment/Various   Ipad                     HEATHROW     26.Dec.2011
Computer equipment   Computer equipment/Various   Targus                   HEATHROW     26.Dec.2011
Computer equipment   Computer equipment/Various   Samsung NP-N145_JP03UK   HEATHROW     26.Dec.2011
Bitlocker Modes
• Basic Mode:
  - TPM only
• Advanced Modes:
  - TPM + PIN
  - TPM + USB Dongle
  - USB Dongle
  - TPM + PIN + USB Dongle
Windows 8 And Bitlocker
• Pre-encrypt, ask for pin on first logon
• Only encrypt sectors with data
• Bitlocker Network Unlock
Bitlocker Is Vulnerable When:
• The Disk Has Not Yet Been Fully Encrypted
• You Don’t Use A Pin
  • Especially If The Computer Has Or Might Get:
     • Firewire
     • Thunderbolt
• Fake Bios Startup (To Get Pin)
Important To Do
•   Use Bitlocker
•   Use Pin
•   Change Pin
•   Disable Possibility to use
    - Firewire
    - Thunderbolt
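The two checklists above ("vulnerable when" and "important to do") can be audited per machine. The script below is an added example, not part of the original slides: it flags volumes that are not fully encrypted, an OS drive without a PIN-based protector, and the presence of a FireWire controller. It assumes an elevated prompt and uses the `Win32_EncryptableVolume` WMI class so that it also runs on Windows 7 with PowerShell 2.0; Thunderbolt is not checked.

```powershell
# Added example: audit local BitLocker volumes against the checklist above.
# Run elevated. Uses WMI (Win32_EncryptableVolume), so it works on Windows 7 / PowerShell 2.0.

$ConversionStatusName = @{
    0 = 'FullyDecrypted';       1 = 'FullyEncrypted';   2 = 'EncryptionInProgress'
    3 = 'DecryptionInProgress'; 4 = 'EncryptionPaused'; 5 = 'DecryptionPaused'
}
# Key protector types that require a PIN at startup: 4 = TPM + PIN, 6 = TPM + PIN + startup key
$PinProtectorTypes = 4, 6

function Test-BitLockerVolume {
    param([Parameter(Mandatory = $true)] $Volume)

    $findings = @()
    $conv  = $Volume.GetConversionStatus()
    $state = [int]$conv.ConversionStatus      # cast: the hashtable keys are Int32

    # "The disk has not yet been fully encrypted"
    if ($state -ne 1) {
        $findings += "not fully encrypted ($($ConversionStatusName[$state]), $($conv.EncryptionPercentage)%)"
    }
    # ProtectionStatus 0 = off (never enabled, or suspended), 1 = on, 2 = unknown (locked volume)
    if ([int]$Volume.GetProtectionStatus().ProtectionStatus -eq 0) {
        $findings += 'protection is off (not enabled or suspended)'
    }
    # "You don't use PIN": only the operating system drive can carry a TPM + PIN protector
    if ($Volume.DriveLetter -eq $env:SystemDrive) {
        $hasPin = $false
        foreach ($type in $PinProtectorTypes) {
            if ($Volume.GetKeyProtectors($type).VolumeKeyProtectorID) { $hasPin = $true }
        }
        if (-not $hasPin) { $findings += 'no TPM + PIN protector on the OS drive' }
    }

    New-Object PSObject -Property @{
        Drive    = $Volume.DriveLetter
        Status   = $ConversionStatusName[$state]
        Findings = $findings -join '; '
    }
}

function Test-FireWirePresent {
    # Win32_1394Controller lists IEEE 1394 (FireWire) host controllers known to Windows.
    return [bool](Get-WmiObject -Class Win32_1394Controller -ErrorAction SilentlyContinue)
}

$volumes = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftVolumeEncryption' `
                         -Class Win32_EncryptableVolume -ErrorAction Stop
$volumes | ForEach-Object { Test-BitLockerVolume $_ } |
    Select-Object Drive, Status, Findings | Format-Table -AutoSize

if (Test-FireWirePresent) {
    Write-Warning 'FireWire (IEEE 1394) controller present: disable it and require a PIN.'
}
```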
If You Can’t Use Bitlocker Yet
Bitlocker Requirements
• A computer running:
  • Windows 7 Enterprise (x86/x64)
  • Windows 7 Ultimate (x86/x64)
  • Windows Server 2008 R2
• With TPM
  • A Trusted Computing Group (TCG)-compliant BIOS
  • TPM microchip version 1.2 (turned on)
  • TPM must be resettable from the operating system
• Removable Storage
  • USB
  • Floppy
  • Memory Card
Enable Bitlocker On A Virtual Machine For TESTING:
1. Set “Allow Bitlocker without compatible TPM” In a GPO
2. Create a virtual floppy disk
3. Enable bitlocker with «manage-bde»
     cscript C:\Windows\System32\manage-bde.wsf -on C: -rp -sk A:
4. Restart and it will start to encrypt
http://olavtvedt.blogspot.com/2012/01/running-bitlocker-on-virtual-computer.html
http://vninja.net/virtualization/creating-virtual-floppy-vsphere/
THE VANILLA TASTE

BITLOCKER WITHOUT
MBAM
Enabling Bitlocker Server Side
• On The Schema Master:
  - C:\Temp\Bitlocker Scrip>ldifde -i -v -f
  BitLockerTPMSchemaExtension.ldf -c "DC=X"
  "DC=DomainName,DC=com" -k -j .
• On Any DC
  - cscript Add-TPMSelfWriteACE.vbs
Enabling Bitlocker Client Side
• During Deployment
  • Best way, but some «challenges»
• After Deployment
  • Manual or script
Management
•   Script
•   Active Directory User And Computer
•   ADSI Edit
•   No Feedback
•   No Reporting
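Without MBAM, the missing reporting has to be scripted against Active Directory. The script below is an added example, not part of the original slides: it counts the `msFVE-RecoveryInformation` child objects under each computer account so that machines with no escrowed recovery information stand out. It assumes a domain-joined machine and an account that is allowed to see those objects; the optional `SearchBase` parameter is a name introduced here.

```powershell
# Added example: report which computer accounts have BitLocker recovery information in AD.
# Counts msFVE-RecoveryInformation child objects; it never reads the recovery passwords.

function Get-ParentDn {
    param([string] $Dn)
    # Drop the first RDN: split on the first comma that is not backslash-escaped.
    return ($Dn -split '(?<!\\),', 2)[1]
}

function Find-AdObjects {
    param($Root, [string] $Filter, [string[]] $Properties)
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($Root, $Filter)
    $searcher.PageSize = 500            # page through results instead of stopping at the server limit
    foreach ($p in $Properties) { [void]$searcher.PropertiesToLoad.Add($p) }
    return $searcher.FindAll()
}

function Get-BitLockerEscrowReport {
    # '' binds to the current domain; pass an LDAP:// path to limit the report to one OU.
    param([string] $SearchBase = '')
    $root = [adsi]$SearchBase

    # Recovery objects are children of the computer object, so the parent DN identifies the machine.
    $count = @{}
    foreach ($r in @(Find-AdObjects $root '(objectClass=msFVE-RecoveryInformation)' 'distinguishedName')) {
        $parent = Get-ParentDn ([string]$r.Properties['distinguishedname'][0])
        $count[$parent] = 1 + [int]$count[$parent]
    }

    # Every computer account is listed, including those with zero recovery objects.
    foreach ($r in @(Find-AdObjects $root '(objectCategory=computer)' 'name', 'distinguishedName')) {
        $dn = [string]$r.Properties['distinguishedname'][0]
        New-Object PSObject -Property @{
            Computer        = [string]$r.Properties['name'][0]
            RecoveryObjects = [int]$count[$dn]
        }
    }
}

Get-BitLockerEscrowReport |
    Sort-Object RecoveryObjects, Computer |
    Select-Object Computer, RecoveryObjects |
    Format-Table -AutoSize
```

Computers listed with `RecoveryObjects` of 0 are either unencrypted or were encrypted without backing up recovery information to AD.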
And Always Remember!!!
Bitlocker Links
•   BitLocker Drive Encryption Step-by-Step Guide for Windows 7
    http://technet.microsoft.com/en-us/library/dd835565(WS.10).aspx
•   Using the BitLocker Repair Tool to Recover a Drive
    http://technet.microsoft.com/en-us/library/ee523219(WS.10).aspx
•   BitLocker Deployment Sample Resources
    http://archive.msdn.microsoft.com/bdedeploy
•   BitLocker Drive Encryption Configuration Guide: Backing Up BitLocker and
    TPM Recovery Information to Active Directory
    http://technet.microsoft.com/en-us/library/cc766015(WS.10).aspx
•   Windows Trusted Platform Module Management Step-by-Step Guide
    http://technet.microsoft.com/en-us/library/cc749022(WS.10).aspx
•   BitLocker Drive Encryption Deployment Guide for Windows 7
    http://technet.microsoft.com/en-us/library/dd875547(WS.10).aspx
Microsoft BitLocker
Administration and Monitoring
           (MBAM)

BITLOCKER WITH MBAM
MDOP supporting the Flexible Workstyle
• Application Virtualization (App-V): Turns applications into centrally managed services that are never installed, never conflict, and are streamed on-demand to end users.
• Asset Inventory Service (AIS): A hosted service that collects software inventory data and translates it into actionable business intelligence.
• Diagnostics and Recovery Toolset (DaRT): Reduces downtime by accelerating troubleshooting, repair, and data recovery of unbootable Windows-based desktops.
• Microsoft Enterprise Desktop Virtualization (MED-V): Provides application continuity during Windows migrations, allowing legacy applications to run in virtual machine-based compatibility workspaces.
• Advanced Group Policy Management (AGPM): Enhances governance and control over Group Policy through robust change management, versioning, and role-based administration.
• BitLocker Administration and Monitoring (MBAM): Makes BitLocker easier and more cost-effective to manage by simplifying deployment and provisioning, improving compliance, and minimizing support efforts.
What is Microsoft BitLocker Administration
and Monitoring (MBAM)?
•   MBAM builds on the BitLocker data protection offering in Windows
    7 by providing IT professionals with an enterprise-grade solution
    for BitLocker provisioning, monitoring, and key recovery.




GOALS ARE:
1 Simplify provisioning and deployment
2 Provide reporting (e.g.: compliance & audit)
3 Reduce support costs (e.g.: improved recovery)
Prerequisites For Server
• Operating System:
  Windows Server 2008 SP2 (x86/x64)
  Windows Server 2008 R2
• Database:
  • Compliance and Audit Report Server
     • Microsoft SQL Server 2008 R2 Std/Ent/Dev
  • Recovery and Hardware Database Server
     • Microsoft SQL Server 2008 R2 Enterprise Only
     • Security reason: Transparent Data Encryption
       (TDE)
Installing Mbam
•   Single computer configuration
    •   Everything on a single server.
        Supported, but only recommended for testing purposes.
•   Three-computer configuration
    •   Recovery and Hardware Database, Compliance and Audit Reports, and
        Compliance and Audit Reports features are installed on a server
    •   Administration and Monitoring Server feature is installed on a server
    •   Group Policy template is installed on a server or client computer.
•   Five-computer configuration
    •   Each server feature is installed on dedicated computers:
    •   Recovery and Hardware Database
    •   Compliance Status Database
    •   Compliance and Audit Reports
    •   Administration and Monitoring Server
    •   Group Policy Template is installed on a server or client computer
Installing Mbam
• Or In Most Cases 2 Computers
   • 1 SQL
   • 1 MBAM w/Group Policy Template
      • Need To Have GPMC Installed




Group Policy Template Server?
Prerequisites For Clients
• A computer running:
  • Windows 7 Enterprise (x86/x64)
  • Windows 7 Ultimate (x86/x64)
• A Trusted Computing Group (TCG)-compliant
  BIOS
• TPM microchip version 1.2 (turned on)
• TPM must be resettable from the operating
  system
MBAM Client
•   Encrypt volumes BEFORE a user receives the computer
    •   Works with Windows 7 deployment tools (MDT/SCCM)
    •   Client can:
          • Manage TPM reboot process
          • Be configured with TPM first and PIN later (e.g.: user provides PIN at
            first logon)
          • Recovery key escrow can be bypassed and then escrowed when user
            first logs on
    •   Best Practice

•   Encrypt volumes AFTER a user receives a computer
    •   Client provides a Policy Driven Experience
    •   Client will manage TPM reboot process
    •   Standard or Admin users can encrypt
    •   Only use when unencrypted machines appear on the network
MBAM Policy Settings
• A superset of BitLocker policies
• New MBAM Policies
   •   Policy for Fixed Disk Volume Auto-unlock
   •   Hardware capability check before encryption
   •   Allow user to request an exemption
   •   Interval client verifies policy compliance
       (default = 90 min)
• Policy location:
   • Computer Configuration > Administrative Templates >
     Windows Components > MDOP MBAM (BitLocker
     Management)
Client Experience
Client Troubleshooting




BdeHdCfg.exe -target c: shrink -size 300 -quiet -restart
http://support.microsoft.com/kb/933246
Hardware Capability Management
• Some older computers may not properly support
  TPM
• To ensure those computers aren’t encrypted, a
  feature is included that can be used to define
  which computers are BitLocker capable
• How you turn it on:
   • Group Policy setting so client checks before
     encryption starts
   • From Central Console, define computers that
     are capable or not
How It Works
1 New Computer Discovered, Info Added To
  Central HW List
2 State Needs To Be Modified On Website By
  Operator With Permissions
3 When Feature Is Enabled Only Compatible
  Computers Will Be Encrypted
4 Mbam Client Checks Compatibility Before
  Encrypting (Make/Model/Bios Version)
Troubleshooting:
 • “HKLM\Software\Microsoft\MBAM”
       Create Dword “NoStartupDelay” value=1
       Create Dword “DisableMachineVerification” value=1
 •     Prevent Delay Of Hardware Compatibility Checking
       Delete these 2 keys and restart the MBAM agent:
       HKLM\software\microsoft\MBAM\HWExemptionTimer
       HKLM\software\microsoft\MBAM\HWExemptionType
       HWExemptionType values are 0=unknown, 1=incompatible, 2=compatible
 •     Mbam Fails To Start Encrypting The Disk
       %windir%\system32\bdeHdCfg.exe -target default -size 300 -quiet




http://social.technet.microsoft.com/Forums/en/w7itprosecurity/thread/9e6dc763-03e5-421c-b0c5-33ca89477880
http://social.technet.microsoft.com/Forums/en-US/w7itprosecurity/thread/ecd17002-0f06-4a62-845c-920442adb2b5
http://social.technet.microsoft.com/Forums/en/w7itprosecurity/thread/0f62a250-2eb7-4e9a-aab8-bc4cafb6f71a
Compliance and Reporting
• Need to know the last known state of a lost computer?
• Need to know how effective your rollout is, or how compliant your company is?
• Who and when keys have been accessed and when new hardware has been added?



• MBAM agent collects and passes data to
  reporting server
  • All clients pass this up, encrypted or not
  • IT can clarify WHY a computer is not compliant
• Built on SQL Server® Reporting Services
  (SSRS), it gives you
  flexibility to add your own reports
Troubleshooting/Speeding Up Reporting:




http://support.microsoft.com/default.aspx?scid=kb;EN-US;2620269
Central Storage of Recovery Key
• Recovery Key(s) are Escrowed
  •   Operating System Volume
  •   Fixed Data Volumes
  •   Removable Data Volumes
  •   Stored outside of Microsoft Active Directory®

• 3-Tier Architecture
  • DB encrypted with SQL Server’s Transparent
    Data Encryption
  • Web Service API to build org-specific solutions
  • All logging and authorization are done at web
    service layer to ensure parity for custom apps
Helpdesk Key Recovery UI
• MBAM provides a web page for helpdesk functionality
   • Provide BitLocker Recovery Key for authorized users
   • Provide TPM unlock package for authorized users
   • All requests (successful or not) are logged:
     who, when, which volume

• Role based authorization model to get recovery info
   • Tier 1: Helpdesk needs to have
     person/key match
   • Tier 2: Key ID is sufficient (limited role)

• Create your own custom page leveraging web service
  layer
Single Use Recovery Keys
• Once a BitLocker Recovery key has been
  exposed, the client will create a new one
  • As part of regular client/server communication,
    client checks to see if Recovery Key has been exposed
  • MBAM client will create new one
  • Transparent to user
• Recovery Keys are created once a volume is
  unlocked
MBAM Links
• Getting Started With MBAM
  http://onlinehelp.microsoft.com/mdop/hh285638.aspx
• Deploying MBAM
  http://onlinehelp.microsoft.com/mdop/hh285644.aspx
• Operations for MBAM
  http://onlinehelp.microsoft.com/mdop/hh285664.aspx
• Troubleshooting MBAM
  http://onlinehelp.microsoft.com/mdop/hh352745.aspx
• Downloadable MBAM technical documentation
  http://www.microsoft.com/download/details.aspx?id=27555
Friday
16:25 : EDB Ergogroup Stand

Saturday
10:05 :Windows 8, what’s The Fuzz All About, Auditorium 6
15:05 : DaRT Flash Talk, Microsoft/HP Stand
16:25 : EDB Ergogroup Stand




       Blog: olavtvedt.blogspot.com
            Twitter: @olavtwitt

Modern Workplace Summit 2015 - ManagementOlav Tvedt
 
Modern Workplace Summit 2015 - Surface and offline media
Modern Workplace Summit 2015 - Surface and offline mediaModern Workplace Summit 2015 - Surface and offline media
Modern Workplace Summit 2015 - Surface and offline mediaOlav Tvedt
 
#EVRYWhatsNext EMS Slide Deck
#EVRYWhatsNext EMS Slide Deck#EVRYWhatsNext EMS Slide Deck
#EVRYWhatsNext EMS Slide DeckOlav Tvedt
 

Plus de Olav Tvedt (20)

MVP Dagen 2021 - Money for nothing
MVP Dagen 2021 - Money for nothingMVP Dagen 2021 - Money for nothing
MVP Dagen 2021 - Money for nothing
 
Brk30010 - With so many different ways to secure data across the Office 365 p...
Brk30010 - With so many different ways to secure data across the Office 365 p...Brk30010 - With so many different ways to secure data across the Office 365 p...
Brk30010 - With so many different ways to secure data across the Office 365 p...
 
SharePoint Conference - Secure the data, not the device
SharePoint Conference - Secure the data, not the deviceSharePoint Conference - Secure the data, not the device
SharePoint Conference - Secure the data, not the device
 
NIC - Securing one drive and its content
NIC - Securing one drive and its contentNIC - Securing one drive and its content
NIC - Securing one drive and its content
 
NIC - Lets put the business into one drive
NIC - Lets put the business into one driveNIC - Lets put the business into one drive
NIC - Lets put the business into one drive
 
Securing the weakest link adding security layers while keeping the use
Securing the weakest link adding security layers while keeping the useSecuring the weakest link adding security layers while keeping the use
Securing the weakest link adding security layers while keeping the use
 
The Windows 10 tips you wished you knew last week
The Windows 10 tips you wished you knew last weekThe Windows 10 tips you wished you knew last week
The Windows 10 tips you wished you knew last week
 
What’s new for SMBs in fall creators update
What’s new for SMBs in fall creators updateWhat’s new for SMBs in fall creators update
What’s new for SMBs in fall creators update
 
Let's put the business into onedrive for business
Let's put the business into onedrive for businessLet's put the business into onedrive for business
Let's put the business into onedrive for business
 
Security As A Service
Security As A ServiceSecurity As A Service
Security As A Service
 
Hackcon 2017
Hackcon 2017Hackcon 2017
Hackcon 2017
 
MTUG - På tide med litt oversikt og kontroll?
MTUG - På tide med litt oversikt og kontroll?MTUG - På tide med litt oversikt og kontroll?
MTUG - På tide med litt oversikt og kontroll?
 
ALSO Roadshow - Azure and EMS presentation
ALSO Roadshow - Azure and EMS presentation ALSO Roadshow - Azure and EMS presentation
ALSO Roadshow - Azure and EMS presentation
 
Bsm mw10
Bsm mw10Bsm mw10
Bsm mw10
 
Microsoft Windows 10 Bootcamp - Windows as a service
Microsoft Windows 10 Bootcamp - Windows as a serviceMicrosoft Windows 10 Bootcamp - Windows as a service
Microsoft Windows 10 Bootcamp - Windows as a service
 
Microsoft Windows 10 Bootcamp - MDT Offline media
Microsoft Windows 10 Bootcamp - MDT Offline mediaMicrosoft Windows 10 Bootcamp - MDT Offline media
Microsoft Windows 10 Bootcamp - MDT Offline media
 
Microsoft Windows 10 Bootcamp - Active directory
Microsoft Windows 10 Bootcamp - Active directoryMicrosoft Windows 10 Bootcamp - Active directory
Microsoft Windows 10 Bootcamp - Active directory
 
Modern Workplace Summit 2015 - Management
Modern Workplace Summit 2015 - ManagementModern Workplace Summit 2015 - Management
Modern Workplace Summit 2015 - Management
 
Modern Workplace Summit 2015 - Surface and offline media
Modern Workplace Summit 2015 - Surface and offline mediaModern Workplace Summit 2015 - Surface and offline media
Modern Workplace Summit 2015 - Surface and offline media
 
#EVRYWhatsNext EMS Slide Deck
#EVRYWhatsNext EMS Slide Deck#EVRYWhatsNext EMS Slide Deck
#EVRYWhatsNext EMS Slide Deck
 

Dernier

Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelDeepika Singh
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...apidays
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesrafiqahmad00786416
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDropbox
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native ApplicationsWSO2
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...apidays
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024The Digital Insurer
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsNanddeep Nachan
 

Dernier (20)

Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot ModelNavi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
Navi Mumbai Call Girls 🥰 8617370543 Service Offer VIP Hot Model
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
DBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor PresentationDBX First Quarter 2024 Investor Presentation
DBX First Quarter 2024 Investor Presentation
 
Architecting Cloud Native Applications
Architecting Cloud Native ApplicationsArchitecting Cloud Native Applications
Architecting Cloud Native Applications
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
MS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectorsMS Copilot expands with MS Graph connectors
MS Copilot expands with MS Graph connectors
 

Managing bitlocker with mbam

  • 1. Managing Bitlocker With Microsoft Desktop Optimization Pack(MDOP) For Software Assurance’s (SA) Microsoft Bitlocker Administration And Monitoring (MBAM) Olav Tvedt Consiglier EDB Ergogroup MVP Setup & Deployment Blog: olavtvedt.blogspot.com Twitter: @olavtwitt
  • 2. OR Olav Tvedt Consiglier EDB Ergogroup MVP Setup & Deployment Blog: olavtvedt.blogspot.com Twitter: @olavtwitt
  • 4. Among friends just called... Olav Tvedt Consiglier EDB Ergogroup MVP Setup & Deployment Blog: olavtvedt.blogspot.com Twitter: @olavtwitt
  • 5. Managing Bitlocker With MBAM Olav Tvedt Consigliere EDB Ergogroup MVP Setup & Deployment Blog: olavtvedt.blogspot.com Twitter: @olavtwitt
  • 6. AGENDA • What Is Bitlocker • Why Use Disk Encryption • Bitlocker News In Windows 8 • Bitlocker Without MBAM • Bitlocker With MBAM
  • 8. What Is Bitlocker • Encrypts • Operating System Drive • Fixed Data Drive • Removable Data Drive • Checks After Changes • Bios • System/Startup Files
  • 9. Why Use Disk Encryption?
  • 10.
    Category            Name                        Model                   Office      Date
    Computer equipment  Computer                    Macbook                 ARLANDA     23.Dec.2011
    Computer equipment  Computer                    Apple                   ARLANDA     23.Dec.2011
    Computer equipment  Computer                    Lenovo                  ARLANDA     23.Dec.2011
    Computer equipment  Computer                    Dell E6400              ARLANDA     25.Dec.2011
    Computer equipment  Computer                    Ipad                    ARLANDA     26.Dec.2011
    Computer equipment  Computer                    Lenovo ThinkPad         GARDERMOEN  23.Dec.2011
    Computer equipment  Computer                    Acer                    GARDERMOEN  23.Dec.2011
    Computer equipment  Computer                    emachines               GARDERMOEN  24.Dec.2011
    Computer equipment  Computer                    Apple                   GARDERMOEN  25.Dec.2011
    Computer equipment  Computer                    Dell Adamo XPS Laptop   HEATHROW    23.Dec.2011
    Computer equipment  Computer                    Dell Latitude E6410     HEATHROW    23.Dec.2011
    Computer equipment  Computer                    iPad2                   HEATHROW    23.Dec.2011
    Computer equipment  Computer                    Dell                    HEATHROW    23.Dec.2011
    Computer equipment  Computer                    HP laptop               HEATHROW    23.Dec.2011
    Computer equipment  Computer                    Sony vaio               HEATHROW    24.Dec.2011
    Computer equipment  Computer                    Sony vaio               HEATHROW    24.Dec.2011
    Computer equipment  Computer                    MacBook Air             HEATHROW    24.Dec.2011
    Computer equipment  Computer                    Apple MacBook Pro       HEATHROW    24.Dec.2011
    Computer equipment  Computer                    HP                      HEATHROW    24.Dec.2011
    Computer equipment  Computer                    Acer                    HEATHROW    26.Dec.2011
    Computer equipment  Computer                    Apple MacBook Air       HEATHROW    26.Dec.2011
    Computer equipment  Computer equipment/Various  iPad                    HEATHROW    23.Dec.2011
    Computer equipment  Computer equipment/Various  Lenovo T400             HEATHROW    23.Dec.2011
    Computer equipment  Computer equipment/Various  iPad                    HEATHROW    24.Dec.2011
    Computer equipment  Computer equipment/Various  iPad                    HEATHROW    24.Dec.2011
    Computer equipment  Computer equipment/Various  Logitech                HEATHROW    24.Dec.2011
    Computer equipment  Computer equipment/Various  Padini                  HEATHROW    24.Dec.2011
    Computer equipment  Computer equipment/Various  HP Compaq 2510p         HEATHROW    24.Dec.2011
    Computer equipment  Computer equipment/Various  Macbook pro             HEATHROW    24.Dec.2011
    Computer equipment  Computer equipment/Various  Sony                    HEATHROW    24.Dec.2011
    Computer equipment  Computer equipment/Various  Amazon Kindle           HEATHROW    26.Dec.2011
    Computer equipment  Computer equipment/Various  Eee PC 1000H            HEATHROW    26.Dec.2011
    Computer equipment  Computer equipment/Various  Ipad                    HEATHROW    26.Dec.2011
    Computer equipment  Computer equipment/Various  Targus                  HEATHROW    26.Dec.2011
    Computer equipment  Computer equipment/Various  Samsung NP-N145_JP03UK  HEATHROW    26.Dec.2011
  • 12. Bitlocker Modes • Basic Mode: - TPM only • Advanced Modes: - TPM + PIN - TPM + USB Dongle - USB Dongle - TPM + PIN + USB Dongle
  • 13. Windows 8 And Bitlocker • Pre-encrypt, ask for pin on first logon • Only encrypt sectors with data • Bitlocker Network Unlock
  • 14. Bitlocker Is Vulnerable When: • The Disk Has Not Yet Been Fully Encrypted • You Don’t Use A Pin • Especially If The Computer Has Or Might Get: • Firewire • Thunderbolt • Fake Bios Startup (To Get Pin)
  • 15. Important To Do • Use Bitlocker • Use Pin • Change Pin • Disable Possibility to use - Firewire - Thunderbolt
  • 16. If You Can’t Use Bitlocker Yet
  • 17. Bitlocker Requirements • A computer running: • Windows 7 Enterprise (x86/x64) • Windows 7 Ultimate (x86/x64) • Windows Server 2008 R2 • With TPM • A Trusted Computing Group (TCG)-compliant BIOS • TPM microchip version 1.2 (turned on) • TPM must be resettable from the operating system • Removable Storage • USB • Floppy • Memory Card
  • 18. Enable Bitlocker On A Virtual Machine For TESTING: 1. Set “Allow Bitlocker without compatible TPM” In a GPO 2. Create a virtual floppy disk 3. Enable bitlocker with «manage-bde»: cscript c:\Windows\System32\manage-bde.wsf -on C: -rp -sk A: 4. Restart and it will start to encrypt
  • 20. THE VANILLA TASTE: BITLOCKER WITHOUT MBAM
  • 21. Enabling Bitlocker Server Side • On The Schema Master: - C:\Temp\Bitlocker Scrip>ldifde -i -v -f BitLockerTPMSchemaExtension.ldf -c "DC=X" "DC=DomainName,DC=com" -k -j . • On Any DC - cscript Add-TPMSelfWriteACE.vbs
  • 22. Enabling Bitlocker Client Side • During Deployment • Best way, but some «challenges» • After Deployment • Manual or script
  • 23. Management • Script • Active Directory User And Computer • ADSI Edit • No Feedback • No Reporting
  • 26. Bitlocker Links • BitLocker Drive Encryption Step-by-Step Guide for Windows 7 http://technet.microsoft.com/en-us/library/dd835565(WS.10).aspx • Using the BitLocker Repair Tool to Recover a Drive http://technet.microsoft.com/en-us/library/ee523219(WS.10).aspx • BitLocker Deployment Sample Resources http://archive.msdn.microsoft.com/bdedeploy • BitLocker Drive Encryption Configuration Guide: Backing Up BitLocker and TPM Recovery Information to Active Directory http://technet.microsoft.com/en-us/library/cc766015(WS.10).aspx • Windows Trusted Platform Module Management Step-by-Step Guide http://technet.microsoft.com/en-us/library/cc749022(WS.10).aspx • BitLocker Drive Encryption Deployment Guide for Windows 7 http://technet.microsoft.com/en-us/library/dd875547(WS.10).aspx
  • 27. Microsoft BitLocker Administration and Monitoring (MBAM) BITLOCKER WITH MBAM
  • 28. MDOP supporting the Flexible Workstyle • Application Virtualization (App-V): Turns applications into centrally managed services that are never installed, never conflict, and are streamed on-demand to end users. • Asset Inventory Service (AIS): A hosted service that collects software inventory data and translates it into actionable business intelligence. • Diagnostics and Recovery Toolset (DaRT): Reduces downtime by accelerating the troubleshooting, repair, and data recovery of unbootable Windows-based desktops. • Microsoft Enterprise Desktop Virtualization (MED-V): Provides application continuity during Windows migrations, allowing legacy applications to run in virtual machine-based compatibility workspaces. • Advanced Group Policy Management (AGPM): Enhances governance and control over Group Policy through robust change management, versioning, and role-based administration. • BitLocker Administration and Monitoring (MBAM): Makes BitLocker easier and more cost-effective to manage by simplifying deployment and provisioning, improving compliance, and minimizing support efforts.
  • 29. What is Microsoft BitLocker Administration and Monitoring (MBAM)? • MBAM builds on the BitLocker data protection offering in Windows 7 by providing IT professionals with an enterprise-grade solution for BitLocker provisioning, monitoring, and key recovery. GOALS ARE: 1 Simplify provisioning and deployment 2 Provide reporting (e.g.: compliance & audit) 3 Reduce support costs (e.g.: improved recovery)
  • 30. Prerequisites For Server • Operating System: Windows Server 2008 SP2 (x86/x64), Windows Server 2008 R2 • Database: • Compliance and Audit Report Server • Microsoft SQL Server 2008 R2 Std/Ent/Dev • Recovery and Hardware Database Server • Microsoft SQL Server 2008 R2 Enterprise Only • Security reason: Transparent Data Encryption (TDE)
  • 32. Installing Mbam • Single computer configuration • Everything on a single server. Supported, but only recommended for testing purposes. • Three-computer configuration • Recovery and Hardware Database, Compliance and Audit Reports, and Compliance and Audit Reports features are installed on a server • Administration and Monitoring Server feature is installed on a server • Group Policy template is installed on a server or client computer. • Five-computer configuration • Each server feature is installed on dedicated computers: • Recovery and Hardware Database • Compliance Status Database • Compliance and Audit Reports • Administration and Monitoring Server • Group Policy Template is installed on a server or client computer
  • 33. Installing Mbam • Or In Most Cases 2 Computer • 1 Sql • 1 Mbam w/Group Policy Template • Need To Have GPMC Installed Group Policy Template Server?
  • 34. Prerequisites For Clients • A computer running: • Windows 7 Enterprise (x86/x64) • Windows 7 Ultimate (x86/x64) • A Trusted Computing Group (TCG)-compliant BIOS • TPM microchip version 1.2 (turned on) • TPM must be resettable from the operating system
  • 35. MBAM Client • Encrypt volumes BEFORE a user receives the computer • Works with Windows 7 deployment tools (MDT/SCCM) • Client can: • Manage TPM reboot process • Be configured with TPM first and PIN later (e.g.: user provides PIN at first logon) • Recovery key escrow can be bypassed and then escrowed when user first logs on • Best Practice • Encrypt volumes AFTER a user receives a computer • Client provides a Policy Driven Experience • Client will manage TPM reboot process • Standard or Admin users can encrypt • Only use when unencrypted machines appear on the network
  • 36. MBAM Policy Settings • A superset of BitLocker policies • New MBAM Policies • Policy for Fixed Disk Volume Auto-unlock • Hardware capability check before encryption • Allow user to request an exemption • Interval client verifies policy compliance (default = 90 min) • Policy location: • Computer Configuration > Administrative Templates > Windows Components > MDOP MBAM (BitLocker Management)
  • 38. Client Troubleshooting: BdeHdCfg.exe -target c: shrink -size 300 -quiet -restart http://support.microsoft.com/kb/933246
  • 39. Hardware Capability Management • Some older computers may not properly support TPM • To ensure those computers aren’t encrypted, a feature is included that can be used to define which computers are BitLocker capable • How you turn it on: • Group Policy setting so client checks before encryption starts • From Central Console, define computers that are capable or not
  • 40. How It Works • 1 New Computer Discovered, Info Added To Central HW List • 2 State Needs To Be Modified On Website By Operator With Permissions • 3 When Feature Is Enabled Only Compatible Computers Will Be Encrypted • 4 Mbam Client Checks Compatibility Before Encrypting (Make/Model/Bios Version)
  • 41. Troubleshooting: • “HKLM\Software\Microsoft\MBAM” Create Dword “NoStartupDelay” value=1 Create Dword “DisableMachineVerification” value=1 • Prevent Delay Of Hardware Compatibility Checking: delete these 2 keys and restart the MBAM agent: HKLM\software\microsoft\MBAM\HWExemptionTimer HKLM\software\microsoft\MBAM\HWExemptionType (HWExemptionType values are 0=unknown, 1=incompatible, 2=compatible) • Mbam Fails To Start Encrypt Disk: %windir%\system32\bdeHdCfg.exe -target default -size 300 -quiet http://social.technet.microsoft.com/Forums/en/w7itprosecurity/thread/9e6dc763-03e5-421c-b0c5-33ca89477880 http://social.technet.microsoft.com/Forums/en-US/w7itprosecurity/thread/ecd17002-0f06-4a62-845c-920442adb2b5 http://social.technet.microsoft.com/Forums/en/w7itprosecurity/thread/0f62a250-2eb7-4e9a-aab8-bc4cafb6f71a
  • 42. Compliance and Reporting • Need to know how effective your rollout is, or how compliant your company is? • Who and when keys have been accessed and when new hardware has been added? • Need to know the last known state of a lost computer? • MBAM agent collects and passes data to reporting server • All clients pass this up, encrypted or not • IT can clarify WHY a computer is not compliant • Built on SQL Server® Reporting Services (SSRS), it gives you flexibility to add your own reports
  • 44. Central Storage of Recovery Key • Recovery Key(s) are Escrowed • Operating System Volume • Fixed Data Volumes • Removable Data Volumes • Stored outside of Microsoft Active Directory® • 3-Tier Architecture • DB encrypted with SQL Server’s Transparent Data Encryption • Web Service API to build org-specific solutions • All logging and authorization are done at web service layer to ensure parity for custom apps
  • 45. Helpdesk Key Recovery UI • MBAM provides a web page for helpdesk functionality • Provide BitLocker Recovery Key for authorized users • Provide TPM unlock package for authorized users • All requests (successful or not) are logged: who, when, which volume • Role based authorization model to get recovery info • Tier 1: Helpdesk needs to have person/key match • Tier 2: Key ID is sufficient (limited role) • Create your own custom page leveraging web service layer
  • 46. Single Use Recovery Keys • Once a BitLocker Recovery key has been exposed, the client will create a new one • As part of regular client/server communication, client checks to see if Recovery Key has been exposed • MBAM client will create new one • Transparent to user • Recovery Keys are created once a volume is unlocked
  • 48. MBAM Links • Getting Started With MBAM http://onlinehelp.microsoft.com/mdop/hh285638.aspx • Deploying MBAM http://onlinehelp.microsoft.com/mdop/hh285644.aspx • Operations for MBAM http://onlinehelp.microsoft.com/mdop/hh285664.aspx • Troubleshooting MBAM http://onlinehelp.microsoft.com/mdop/hh352745.aspx • Downloadable MBAM technical documentation http://www.microsoft.com/download/details.aspx?id=27555
  • 49. Friday 16:25 : EDB Ergogroup Stand Saturday 10:05 :Windows 8, what’s The Fuzz All About, Auditorium 6 15:05 : DaRT Flash Talk, Microsoft/HP Stand 16:25 : EDB Ergogroup Stand Blog: olavtvedt.blogspot.com Twitter: @olavtwitt
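
The checklist from slides 14 and 15 (disk fully encrypted, PIN in use) written as an audit function; this is an added example, not part of the original deck. It assumes the `Get-BitLockerVolume` cmdlet that ships with Windows 8 / Server 2012 and later; the function name `Test-BitLockerPosture` and the sample volume objects are constructed for illustration.

```powershell
# Added example: flag volumes that match the weak states listed on slide 14
# (not fully encrypted, no PIN protector on the operating system drive).
# Test-BitLockerPosture is a hypothetical helper name, not an MBAM or Windows cmdlet.
function Test-BitLockerPosture {
    [CmdletBinding()]
    param(
        # Object shaped like the output of Get-BitLockerVolume
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Volume
    )
    process {
        $findings = @()

        # Slide 14: the disk has not yet been totally encrypted
        if ("$($Volume.VolumeStatus)" -ne 'FullyEncrypted' -or $Volume.EncryptionPercentage -lt 100) {
            $findings += "not fully encrypted ($($Volume.VolumeStatus), $($Volume.EncryptionPercentage)%)"
        }

        # Protection can be off or suspended even when the data is encrypted
        if ("$($Volume.ProtectionStatus)" -ne 'On') {
            $findings += 'protection is off or suspended'
        }

        # Slide 14/15: use a PIN. Only the OS volume has a pre-boot protector.
        if ("$($Volume.VolumeType)" -eq 'OperatingSystem') {
            $types    = @($Volume.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
            $pinTypes = 'TpmPin', 'TpmPinStartupKey'
            if (-not ($types | Where-Object { $pinTypes -contains $_ })) {
                $findings += "no PIN protector (found: $($types -join ', '))"
            }
        }

        [pscustomobject]@{
            MountPoint = $Volume.MountPoint
            Compliant  = ($findings.Count -eq 0)
            Findings   = $findings -join '; '
        }
    }
}

# Constructed sample objects so the function can be tried without BitLocker.
$sample = @(
    [pscustomobject]@{
        MountPoint = 'C:'; VolumeType = 'OperatingSystem'
        VolumeStatus = 'FullyEncrypted'; EncryptionPercentage = 100; ProtectionStatus = 'On'
        KeyProtector = @(
            [pscustomobject]@{ KeyProtectorType = 'TpmPin' },
            [pscustomobject]@{ KeyProtectorType = 'RecoveryPassword' }
        )
    },
    [pscustomobject]@{
        MountPoint = 'C:'; VolumeType = 'OperatingSystem'
        VolumeStatus = 'EncryptionInProgress'; EncryptionPercentage = 42; ProtectionStatus = 'Off'
        KeyProtector = @(
            [pscustomobject]@{ KeyProtectorType = 'Tpm' },
            [pscustomobject]@{ KeyProtectorType = 'RecoveryPassword' }
        )
    },
    [pscustomobject]@{
        MountPoint = 'D:'; VolumeType = 'Data'
        VolumeStatus = 'FullyEncrypted'; EncryptionPercentage = 100; ProtectionStatus = 'On'
        KeyProtector = @(
            [pscustomobject]@{ KeyProtectorType = 'ExternalKey' }
        )
    }
)

$sample | Test-BitLockerPosture | Format-Table -AutoSize -Wrap

# On a live machine, from an elevated prompt:
#   Get-BitLockerVolume | Test-BitLockerPosture
```

The function does not check the FireWire/Thunderbolt item from slide 15; that setting is enforced through Group Policy rather than reported by `Get-BitLockerVolume`.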