Improved Compliance & Enforcement
Challenges
Driving maximum compliance
Users able to perpetually postpone encryption
Lack of PIN complexity
Solutions for MBAM 2.5
Added grace period for encryption postponement
Automatic encryption enforcement
Prevent use of simple PINs (1234, 1111, etc)
Support use of Enhanced PINs (Unicode/ASCII, etc)
FIPS 140-2 Support
Challenges
FIPS required for Federal and other customers
BL recovery options for FIPS increase TCO
Solutions for MBAM 2.5
Added support for FIPS with DRA for Win7/Win8
Added support for new Windows 8.1 FIPS compliant recovery password
Localization Support
Challenges
Generally localization support comes 6 months after a major release
Customers want localization sooner
Solutions for MBAM 2.5
Sim-shipping 11 languages on client and server
English (en-US), Simplified Chinese (zh-CN), Korean (ko-KR), German (de-DE), Portuguese (pt-BR), Spanish (es-ES), Traditional Chinese (zh-TW), French (fr-FR), Italian (it-IT), Japanese (ja-JP), Russian (ru-RU)
Performance
Challenges
Improved scalability on less hardware
More real-time reports
Solutions for MBAM 2.5
500k clients on minimal hardware
Major database and other performance improvements
No more CreateCache job for Enterprise Compliance Report
AD Integration
Challenges
Used local groups for administration
Network service and machine accounts
Solutions for MBAM 2.5
AD groups for administrative roles
Removed System Admin role
Using AD accounts and groups across the board
Support for Enterprise Scenarios and Topologies
Challenges
Enterprises want high availability and DR
Limitations in complex multi-forest environments
Lack of deployment agility
Solutions for MBAM 2.5
Support for load balancing of web components
Support for highly available SQL configurations
Support for both multi-forest and FQDNs
PowerShell/UI support for feature configuration
Two server topology (web/SQL) recommended to support 500k clients

Hardware Component | Minimum Requirement | Recommended Requirement
Processor | 2.33 GHz (quad-core) | 2.33 GHz or greater (quad-core)
RAM | 4 GB | 8 GB
Disk Space | 1 GB | 2 GB

Hardware Component | Minimum Requirement | Recommended Requirement
Processor | 2.33 GHz (quad-core) | 2.33 GHz or greater (quad-core)
RAM | 8 GB | 12 GB
Disk Space | 5 GB | 5 GB or greater

Feature | Account | Account Type
Databases | Access Account | User or Group
Databases | Report Account | User or Group
Reports | Compliance And Audit DB Credential | User
Reports | Reports Read Only Access Group | Group
Web Apps | Advanced Helpdesk Access Group | Group
Web Apps | Helpdesk Access Group | Group
Web Apps | Reports Read Only Access Group | Group
Web Apps | Web Service Application Pool Credential | User

All or nothing – couldn’t add or remove individual features
Reinstalling or upgrading CM resulted in lost compliance data
Couldn’t install into a remote SQL box
Challenging to know which certificate to select
No PowerShell so couldn’t rerun on multiple machines
Lots of screens depending on the path you took – some with one control
Installation separated from configuration
Remote SQL Installation
Set you up for success with MBAM load balancing ready
Streamlined UI
Extensive PowerShell to help you set up MBAM in your web farm
In place CM object upgrades
Better prereq and validation checking to help you be successful
Improved logging
ADMX templates downloadable from microsoft.com/downloads
Lays down bits and PowerShell cmdlets
UI for server configuration
Can export PowerShell
Enable-MbamDatabase
Enable-MbamReports
Enable-MbamWebApplication
Enable-MbamCMIntegration
MBAM 1.0 to 2.5 Process
1.0 → 2.0 SP1 → 2.5
MBAM 2.0 to 2.5 Process
2.0 → 2.0 SP1 → 2.5
Client can go from any version to the latest
Users can postpone encryption until the grace period expires.
The grace period is calculated from when the volume was determined to be non-compliant.
The value is cleared when the volume becomes compliant.
Non-compliance date is pushed to the MBAM database per volume, but not exposed in reports
Can help determine how long machines have been non-compliant
Fixed data drives encrypt after the OS drive is compliant
Feature Summary
Completely new server setup experience
Rich HA and DR support
Multi-forest/FQDN
Grace periods before policy enforcement
Automatic encryption after grace period expiration
PIN Complexity and Enhanced PIN support
FIPS support on Windows 7, 8, and 8.1
Perf improvements
Localization
windows.com/enterprise
windowsphone.com/business
microsoft.com/springboard
microsoft.com/mdop
microsoft.com/windows/wtg
developer.windowsphone.com
Feature | Account | Account Type | Description
Databases | Access Account | User or Group | User or group with read/write access to dbs. Web app pool credential should be the same account, or in the group specified.
Databases | Report Account | User or Group | User or group that has read only access to the compliance and audit data. Compliance and Audit DB credential should be the same account, or in the group specified.
Reports | Compliance And Audit DB Credential | User | User that the local SSRS instance will use to connect to the MBAM Compliance and Audit Database. The domain user in the credentials must be the same as the user account you specified for the Report Account parameter when enabling the databases. If you specified a domain user group for the Report Account parameter, this domain account credential must be a member of that group.
Reports | Reports Read Only Access Group | Group | Specifies the domain user group that has read access to the reports. The group you specify must be the same group you specified for the Reports Read Only Access Group parameter when the web apps are enabled.
Web Apps | Advanced Helpdesk Access Group | Group | Specifies the domain user group that has access to all areas of the Administration and Monitoring Website except the reports.
Web Apps | Helpdesk Access Group | Group | Specifies the domain user group that has access to the "Manage TPM" and "Drive Recovery" areas of the Administration and Monitoring Website.
Web Apps | Reports Read Only Access Group | Group | Specifies the domain user group that has read access to the Reports area of the Administration and Monitoring Website. The group you specify must be the same group you specified for the Reports Read Only Access Group parameter when enabling reports.
Web Apps | Web Service Application Pool Credential | User | Specifies the domain user that the application pool for the MBAM web applications will use. The user you specify must be the same domain user account you specified in the Access Account parameter when enabling databases, or a member of the group specified.
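
The matching rules in the account table above can be checked before any feature is enabled. The following is an added example, not part of the original deck or of MBAM itself: the function names, plan keys and CONTOSO accounts are hypothetical, and the constructed `$GroupMembers` table stands in for a real Active Directory membership lookup.

```powershell
# Added example: validate a planned MBAM 2.5 account layout against the
# "must be the same account, or in the group specified" rules from the table.
# Every account and group name below is constructed for illustration.

# Constructed stand-in for an AD group-membership query (assumption):
# group name -> member user accounts.
$GroupMembers = @{
    'CONTOSO\MBAM-DB-RW' = @('CONTOSO\svc-mbam-web')
    'CONTOSO\MBAM-DB-RO' = @('CONTOSO\svc-mbam-ssrs')
}

function Test-AccountMatch {
    # True when $User is the same account as $AccountOrGroup or a member of it.
    param(
        [string]$User,
        [string]$AccountOrGroup,
        [hashtable]$Members
    )
    if ($User -ieq $AccountOrGroup) { return $true }
    if ($Members.ContainsKey($AccountOrGroup)) {
        return ($Members[$AccountOrGroup] -contains $User)
    }
    return $false
}

function Test-MbamAccountPlan {
    # Returns an array of findings; an empty array means the plan is consistent.
    param(
        [hashtable]$Plan,
        [hashtable]$Members
    )
    $findings = @()

    # Web Apps: app pool credential must be the Access Account or in that group.
    if (-not (Test-AccountMatch -User $Plan.WebServiceApplicationPoolCredential `
                                -AccountOrGroup $Plan.AccessAccount -Members $Members)) {
        $findings += 'Web Service Application Pool Credential is not the Access Account or a member of it.'
    }

    # Reports: SSRS credential must be the Report Account or in that group.
    if (-not (Test-AccountMatch -User $Plan.ComplianceAndAuditDBCredential `
                                -AccountOrGroup $Plan.ReportAccount -Members $Members)) {
        $findings += 'Compliance And Audit DB Credential is not the Report Account or a member of it.'
    }

    # Reports and Web Apps must name the same Reports Read Only Access Group.
    if ($Plan.ReportsFeatureReadOnlyGroup -ine $Plan.WebAppsFeatureReadOnlyGroup) {
        $findings += 'Reports Read Only Access Group differs between the Reports and Web Apps features.'
    }

    return ,$findings
}

# Constructed plan with two deliberate mistakes: the app pool user is not in
# the read/write group, and the two read-only groups do not match.
$plan = @{
    AccessAccount                       = 'CONTOSO\MBAM-DB-RW'
    ReportAccount                       = 'CONTOSO\MBAM-DB-RO'
    WebServiceApplicationPoolCredential = 'CONTOSO\svc-other'
    ComplianceAndAuditDBCredential      = 'CONTOSO\svc-mbam-ssrs'
    ReportsFeatureReadOnlyGroup         = 'CONTOSO\MBAM-Reports'
    WebAppsFeatureReadOnlyGroup         = 'CONTOSO\MBAM-Report-Users'
}

$result = Test-MbamAccountPlan -Plan $plan -Members $GroupMembers
if ($result.Count -eq 0) { 'Plan is consistent.' } else { $result }
```
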
Enables Enhanced PIN
Supports Unicode characters – make sure preboot supports it! We don’t check!
Can force to ASCII only – better preboot compatibility
Prevents use of simple PINs (1234, 1111, etc)
www.microsoft.com/learning
http://microsoft.com/msdn
http://microsoft.com/technet
http://channel9.msdn.com/Events/TechEd
Deploying Microsoft BitLocker
Deploying Microsoft BitLocker
Deploying Microsoft BitLocker

Contenu connexe

Tendances

How Endpoint Encryption Works
How Endpoint Encryption WorksHow Endpoint Encryption Works
How Endpoint Encryption WorksSymantec
 
Windows 7 in 60 minutes - New Horizons Bulgaria
Windows 7 in 60 minutes - New Horizons BulgariaWindows 7 in 60 minutes - New Horizons Bulgaria
Windows 7 in 60 minutes - New Horizons BulgariaNew Horizons Bulgaria
 
Deploying Windows Vista Service Pack 1
Deploying Windows Vista Service Pack 1Deploying Windows Vista Service Pack 1
Deploying Windows Vista Service Pack 1Microsoft TechNet
 
SYMANTEC ENDPOINT PROTECTION Performing Server and Database Management
SYMANTEC ENDPOINT PROTECTION Performing Server and Database ManagementSYMANTEC ENDPOINT PROTECTION Performing Server and Database Management
SYMANTEC ENDPOINT PROTECTION Performing Server and Database ManagementDsunte Wilson
 
Symantec Endpoint Protection vs Sophos Endpoint Protection (Competitive Analy...
Symantec Endpoint Protection vs Sophos Endpoint Protection (Competitive Analy...Symantec Endpoint Protection vs Sophos Endpoint Protection (Competitive Analy...
Symantec Endpoint Protection vs Sophos Endpoint Protection (Competitive Analy...Iftikhar Ali Iqbal
 
ITE v5.0 - Chapter 5
ITE v5.0 - Chapter 5ITE v5.0 - Chapter 5
ITE v5.0 - Chapter 5Irsandi Hasan
 
Sanctuary Device Control
Sanctuary Device ControlSanctuary Device Control
Sanctuary Device ControlHassaanSahloul
 
ITE v5.0 - Chapter 3
ITE v5.0 - Chapter 3ITE v5.0 - Chapter 3
ITE v5.0 - Chapter 3Irsandi Hasan
 
Domain Migration/Administration for the
Domain Migration/Administration for the Domain Migration/Administration for the
Domain Migration/Administration for the webhostingguy
 
Implementing ISO 27001 In A Cost Effective Way
Implementing ISO 27001 In A Cost Effective WayImplementing ISO 27001 In A Cost Effective Way
Implementing ISO 27001 In A Cost Effective WayCertification Europe
 
WBH 4.0 Mod 6 - Server Purposing.ppt
WBH 4.0 Mod 6 - Server Purposing.pptWBH 4.0 Mod 6 - Server Purposing.ppt
WBH 4.0 Mod 6 - Server Purposing.pptwebhostingguy
 
IT109 Microsoft Windows Operating Systems Unit 09 lesson12
IT109 Microsoft Windows Operating Systems Unit 09 lesson12IT109 Microsoft Windows Operating Systems Unit 09 lesson12
IT109 Microsoft Windows Operating Systems Unit 09 lesson12blusmurfydot1
 

Tendances (20)

How Endpoint Encryption Works
How Endpoint Encryption WorksHow Endpoint Encryption Works
How Endpoint Encryption Works
 
Aix install
Aix installAix install
Aix install
 
Windows 7 in 60 minutes - New Horizons Bulgaria
Windows 7 in 60 minutes - New Horizons BulgariaWindows 7 in 60 minutes - New Horizons Bulgaria
Windows 7 in 60 minutes - New Horizons Bulgaria
 
SP1_Battlecard
SP1_BattlecardSP1_Battlecard
SP1_Battlecard
 
Installing Aix
Installing AixInstalling Aix
Installing Aix
 
Deploying Windows Vista Service Pack 1
Deploying Windows Vista Service Pack 1Deploying Windows Vista Service Pack 1
Deploying Windows Vista Service Pack 1
 
SYMANTEC ENDPOINT PROTECTION Performing Server and Database Management
SYMANTEC ENDPOINT PROTECTION Performing Server and Database ManagementSYMANTEC ENDPOINT PROTECTION Performing Server and Database Management
SYMANTEC ENDPOINT PROTECTION Performing Server and Database Management
 
Symantec Endpoint Protection vs Sophos Endpoint Protection (Competitive Analy...
Symantec Endpoint Protection vs Sophos Endpoint Protection (Competitive Analy...Symantec Endpoint Protection vs Sophos Endpoint Protection (Competitive Analy...
Symantec Endpoint Protection vs Sophos Endpoint Protection (Competitive Analy...
 
Windows server administration
Windows server administrationWindows server administration
Windows server administration
 
ITE v5.0 - Chapter 5
ITE v5.0 - Chapter 5ITE v5.0 - Chapter 5
ITE v5.0 - Chapter 5
 
Readme
ReadmeReadme
Readme
 
Sanctuary Device Control
Sanctuary Device ControlSanctuary Device Control
Sanctuary Device Control
 
Aix install via nim
Aix install via nimAix install via nim
Aix install via nim
 
ITE v5.0 - Chapter 3
ITE v5.0 - Chapter 3ITE v5.0 - Chapter 3
ITE v5.0 - Chapter 3
 
Sccm 2016 training
Sccm 2016 trainingSccm 2016 training
Sccm 2016 training
 
SCEP 2012 inside SCCM 2012
SCEP 2012 inside SCCM 2012SCEP 2012 inside SCCM 2012
SCEP 2012 inside SCCM 2012
 
Domain Migration/Administration for the
Domain Migration/Administration for the Domain Migration/Administration for the
Domain Migration/Administration for the
 
Implementing ISO 27001 In A Cost Effective Way
Implementing ISO 27001 In A Cost Effective WayImplementing ISO 27001 In A Cost Effective Way
Implementing ISO 27001 In A Cost Effective Way
 
WBH 4.0 Mod 6 - Server Purposing.ppt
WBH 4.0 Mod 6 - Server Purposing.pptWBH 4.0 Mod 6 - Server Purposing.ppt
WBH 4.0 Mod 6 - Server Purposing.ppt
 
IT109 Microsoft Windows Operating Systems Unit 09 lesson12
IT109 Microsoft Windows Operating Systems Unit 09 lesson12IT109 Microsoft Windows Operating Systems Unit 09 lesson12
IT109 Microsoft Windows Operating Systems Unit 09 lesson12
 

En vedette

Data protection in windows
Data protection in windowsData protection in windows
Data protection in windowsVijay Kumar
 
From zero to SYSTEM on full disk encrypted windows system
From zero to SYSTEM on full disk encrypted windows systemFrom zero to SYSTEM on full disk encrypted windows system
From zero to SYSTEM on full disk encrypted windows systemNabeel Ahmed
 
List of Software tools for encryption
List of Software tools for encryptionList of Software tools for encryption
List of Software tools for encryptionCliford John Reandino
 
Smau Milano 2016 - Paola Presutto, Microsoft
Smau Milano 2016 - Paola Presutto, MicrosoftSmau Milano 2016 - Paola Presutto, Microsoft
Smau Milano 2016 - Paola Presutto, MicrosoftSMAU
 
Medical Data Encryption 101
Medical Data Encryption 101Medical Data Encryption 101
Medical Data Encryption 101SecurityMetrics
 
Attacking Windows Authentication and BitLocker Full Disk Encryption
Attacking Windows Authentication and BitLocker Full Disk EncryptionAttacking Windows Authentication and BitLocker Full Disk Encryption
Attacking Windows Authentication and BitLocker Full Disk EncryptionIan Haken
 
Latihan9 comp-forensic-bab6
Latihan9 comp-forensic-bab6Latihan9 comp-forensic-bab6
Latihan9 comp-forensic-bab6sabtolinux
 
Search Engines Presentation
Search Engines PresentationSearch Engines Presentation
Search Engines PresentationJSCHO9
 
Study notes for CompTIA Certified Advanced Security Practitioner
Study notes for CompTIA Certified Advanced Security PractitionerStudy notes for CompTIA Certified Advanced Security Practitioner
Study notes for CompTIA Certified Advanced Security PractitionerDavid Sweigert
 
TEDx Manchester: AI & The Future of Work
TEDx Manchester: AI & The Future of WorkTEDx Manchester: AI & The Future of Work
TEDx Manchester: AI & The Future of WorkVolker Hirsch
 

En vedette (12)

Data protection in windows
Data protection in windowsData protection in windows
Data protection in windows
 
From zero to SYSTEM on full disk encrypted windows system
From zero to SYSTEM on full disk encrypted windows systemFrom zero to SYSTEM on full disk encrypted windows system
From zero to SYSTEM on full disk encrypted windows system
 
Bitlocker
BitlockerBitlocker
Bitlocker
 
List of Software tools for encryption
List of Software tools for encryptionList of Software tools for encryption
List of Software tools for encryption
 
Smau Milano 2016 - Paola Presutto, Microsoft
Smau Milano 2016 - Paola Presutto, MicrosoftSmau Milano 2016 - Paola Presutto, Microsoft
Smau Milano 2016 - Paola Presutto, Microsoft
 
Medical Data Encryption 101
Medical Data Encryption 101Medical Data Encryption 101
Medical Data Encryption 101
 
Attacking Windows Authentication and BitLocker Full Disk Encryption
Attacking Windows Authentication and BitLocker Full Disk EncryptionAttacking Windows Authentication and BitLocker Full Disk Encryption
Attacking Windows Authentication and BitLocker Full Disk Encryption
 
Latihan9 comp-forensic-bab6
Latihan9 comp-forensic-bab6Latihan9 comp-forensic-bab6
Latihan9 comp-forensic-bab6
 
Bitlocker
BitlockerBitlocker
Bitlocker
 
Search Engines Presentation
Search Engines PresentationSearch Engines Presentation
Search Engines Presentation
 
Study notes for CompTIA Certified Advanced Security Practitioner
Study notes for CompTIA Certified Advanced Security PractitionerStudy notes for CompTIA Certified Advanced Security Practitioner
Study notes for CompTIA Certified Advanced Security Practitioner
 
TEDx Manchester: AI & The Future of Work
TEDx Manchester: AI & The Future of WorkTEDx Manchester: AI & The Future of Work
TEDx Manchester: AI & The Future of Work
 

Similaire à Deploying Microsoft BitLocker

Nov 2014 2 blu pointe continuity cloudrar-master
Nov 2014 2 blu pointe continuity cloudrar-master Nov 2014 2 blu pointe continuity cloudrar-master
Nov 2014 2 blu pointe continuity cloudrar-master Ron_Roberts
 
Microsoft Product Licensing
Microsoft Product LicensingMicrosoft Product Licensing
Microsoft Product LicensingMotty Ben Atia
 
Gp Installation Presentation
Gp Installation PresentationGp Installation Presentation
Gp Installation Presentationguest2fc298
 
Gp Installation Presentation
Gp Installation PresentationGp Installation Presentation
Gp Installation Presentationddauphin
 
Ws08 R2 Itpro Session 1 Technical Overview Part1
Ws08 R2 Itpro Session 1 Technical Overview Part1Ws08 R2 Itpro Session 1 Technical Overview Part1
Ws08 R2 Itpro Session 1 Technical Overview Part1chenley
 
e-DMZ Products Overview
e-DMZ Products Overviewe-DMZ Products Overview
e-DMZ Products OverviewDell
 
2014 BluPointe DRBContinuity Cloud
2014 BluPointe DRBContinuity Cloud2014 BluPointe DRBContinuity Cloud
2014 BluPointe DRBContinuity CloudRon_Roberts
 
Software design specification
Software design specificationSoftware design specification
Software design specificationSubhashiniSukumar
 
0828 Windows Server 2008 新安全功能探討
0828 Windows Server 2008 新安全功能探討0828 Windows Server 2008 新安全功能探討
0828 Windows Server 2008 新安全功能探討Timothy Chen
 
Partner adaptive backup and recovery 2018
Partner adaptive backup and recovery 2018Partner adaptive backup and recovery 2018
Partner adaptive backup and recovery 2018Juan Niekerk
 
Gathering technical requirements
Gathering technical requirementsGathering technical requirements
Gathering technical requirementsGaurav Pathak
 
W7 Enterprise
W7 EnterpriseW7 Enterprise
W7 Enterprisearalves
 
W7 for IT Professionals
W7 for IT ProfessionalsW7 for IT Professionals
W7 for IT Professionalsguest632c73
 
Delivering People Centric IT with Configuration Manager 2012 R2
Delivering People Centric IT with Configuration Manager 2012 R2Delivering People Centric IT with Configuration Manager 2012 R2
Delivering People Centric IT with Configuration Manager 2012 R2System Center User Group NL
 
Mdop session from Microsoft partner boot camp
Mdop session from Microsoft partner boot campMdop session from Microsoft partner boot camp
Mdop session from Microsoft partner boot campOlav Tvedt
 
C Cure Users Group Presentation Final 4
C Cure Users Group Presentation Final 4C Cure Users Group Presentation Final 4
C Cure Users Group Presentation Final 4halgig
 
Microsoft Windows 7 Enhanced Security And Control
Microsoft Windows 7 Enhanced Security And ControlMicrosoft Windows 7 Enhanced Security And Control
Microsoft Windows 7 Enhanced Security And ControlMicrosoft TechNet
 

Similaire à Deploying Microsoft BitLocker (20)

Nov 2014 2 blu pointe continuity cloudrar-master
Nov 2014 2 blu pointe continuity cloudrar-master Nov 2014 2 blu pointe continuity cloudrar-master
Nov 2014 2 blu pointe continuity cloudrar-master
 
Microsoft Product Licensing
Microsoft Product LicensingMicrosoft Product Licensing
Microsoft Product Licensing
 
SCOM Tips and Tricks
SCOM Tips and TricksSCOM Tips and Tricks
SCOM Tips and Tricks
 
Gp Installation Presentation
Gp Installation PresentationGp Installation Presentation
Gp Installation Presentation
 
Gp Installation Presentation
Gp Installation PresentationGp Installation Presentation
Gp Installation Presentation
 
Ws08 R2 Itpro Session 1 Technical Overview Part1
Ws08 R2 Itpro Session 1 Technical Overview Part1Ws08 R2 Itpro Session 1 Technical Overview Part1
Ws08 R2 Itpro Session 1 Technical Overview Part1
 
e-DMZ Products Overview
e-DMZ Products Overviewe-DMZ Products Overview
e-DMZ Products Overview
 
2014 BluPointe DRBContinuity Cloud
2014 BluPointe DRBContinuity Cloud2014 BluPointe DRBContinuity Cloud
2014 BluPointe DRBContinuity Cloud
 
Software design specification
Software design specificationSoftware design specification
Software design specification
 
0828 Windows Server 2008 新安全功能探討
0828 Windows Server 2008 新安全功能探討0828 Windows Server 2008 新安全功能探討
0828 Windows Server 2008 新安全功能探討
 
Partner adaptive backup and recovery 2018
Partner adaptive backup and recovery 2018Partner adaptive backup and recovery 2018
Partner adaptive backup and recovery 2018
 
Gathering technical requirements
Gathering technical requirementsGathering technical requirements
Gathering technical requirements
 
W7 Enterprise
W7 EnterpriseW7 Enterprise
W7 Enterprise
 
W7 for IT Professionals
W7 for IT ProfessionalsW7 for IT Professionals
W7 for IT Professionals
 
Delivering People Centric IT with Configuration Manager 2012 R2
Delivering People Centric IT with Configuration Manager 2012 R2Delivering People Centric IT with Configuration Manager 2012 R2
Delivering People Centric IT with Configuration Manager 2012 R2
 
Mdop session from Microsoft partner boot camp
Mdop session from Microsoft partner boot campMdop session from Microsoft partner boot camp
Mdop session from Microsoft partner boot camp
 
C Cure Users Group Presentation Final 4
C Cure Users Group Presentation Final 4C Cure Users Group Presentation Final 4
C Cure Users Group Presentation Final 4
 
Sudheendra
SudheendraSudheendra
Sudheendra
 
Microsoft Windows 7 Enhanced Security And Control
Microsoft Windows 7 Enhanced Security And ControlMicrosoft Windows 7 Enhanced Security And Control
Microsoft Windows 7 Enhanced Security And Control
 
Resume
ResumeResume
Resume
 

Dernier

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024The Digital Insurer
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 

Dernier (20)

Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 

Deploying Microsoft BitLocker

  • 1.
  • 2.
  • 3.
  • 4.
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
  • 12. Improved Compliance & Enforcement Challenges Driving maximum compliance Users able to perpetually postpone encryption Lack of PIN complexity Solutions for MBAM 2.5 Added grace period for encryption postponement Automatic encryption enforcement Prevent use of simple PINs (1234, 1111, etc) Support use of Enhanced PINs (Unicode/ASCII, etc)
  • 13. FIPS 140-2 Support Challenges FIPS required for Federal and other customers BL recovery options for FIPS increase TCO Solutions for MBAM 2.5 Added support for FIPS with DRA for Win7/Win8 Added support for new Windows 8.1 FIPS compliant recovery password
  • 14. Localization Support Challenges Generally localization support comes 6 months after a major release Customers want localization sooner Solutions for MBAM 2.5 Sim-shipping 11 languages on client and server English (en-US), Simplified Chinese (zh-CN), Korean (ko-KR), German (de-DE), Portuguese (pt-BR), Spanish, es-ES, Traditional Chinese (zh-TW), French (fr-FR), Italian (it-IT), Japanese (ja-JP), Russian (ru-RU)
  • 15. Performance
      • Challenges
          • Improved scalability on less hardware
          • More real-time reports
      • Solutions for MBAM 2.5
          • 500k clients on minimal hardware
          • Major database and other performance improvements
          • No more CreateCache job for Enterprise Compliance Report
  • 16. AD Integration
      • Challenges
          • Used local groups for administration
          • Network service and machine accounts
      • Solutions for MBAM 2.5
          • AD groups for administrative roles
          • Removed System Admin role
          • Using AD accounts and groups across the board
  • 17. Support for Enterprise Scenarios and Topologies
      • Challenges
          • Enterprises want high availability and DR
          • Limitations in complex multi-forest environments
          • Lack of deployment agility
      • Solutions for MBAM 2.5
          • Support for load balancing of web components
          • Support for highly available SQL configurations
          • Support for both multi-forest and FQDNs
          • PowerShell/UI support for feature configuration
  • 21. Two server topology (web/SQL) recommended to support 500k clients

      | Hardware Component | Minimum Requirement | Recommended Requirement |
      |---|---|---|
      | Processor | 2.33 GHz (quad-core) | 2.33 GHz or greater (quad-core) |
      | RAM | 4 GB | 8 GB |
      | Disk Space | 1 GB | 2 GB |

      | Hardware Component | Minimum Requirement | Recommended Requirement |
      |---|---|---|
      | Processor | 2.33 GHz (quad-core) | 2.33 GHz or greater (quad-core) |
      | RAM | 8 GB | 12 GB |
      | Disk Space | 5 GB | 5 GB or greater |
  • 26.

      | Feature | Account | Account Type |
      |---|---|---|
      | Databases | Access Account | User or Group |
      | Databases | Report Account | User or Group |
      | Reports | Compliance And Audit DB Credential | User |
      | Reports | Reports Read Only Access Group | Group |
      | Web Apps | Advanced Helpdesk Access Group | Group |
      | Web Apps | Helpdesk Access Group | Group |
      | Web Apps | Reports Read Only Access Group | Group |
      | Web Apps | Web Service Application Pool Credential | User |
  • 27.
      • All or nothing – couldn’t add or remove individual features
      • Reinstalling or upgrading CM resulted in lost compliance data
      • Couldn’t install into a remote SQL box
      • Challenging to know which certificate to select
      • No PowerShell so couldn’t rerun on multiple machines
      • Lots of screens depending on the path you took – some with one control
  • 28.
      • Installation separated from configuration
      • Remote SQL Installation
      • Set you up for success with MBAM load balancing ready
      • Streamlined UI
      • Extensive PowerShell to help you set up MBAM in your web farm
      • In place CM object upgrades
      • Better prereq and validation checking to help you be successful
      • Improved logging
      • ADMX templates downloadable from microsoft.com/downloads
  • 29.
      • Lays down bits and PowerShell cmdlets
      • UI for server configuration
      • Can export PowerShell
      • Enable-MbamDatabase
      • Enable-MbamReports
      • Enable-MbamWebApplication
      • Enable-MbamCMIntegration
  • 31.
      • MBAM 1.0 to 2.5 Process: 1.0, 2.0 SP1, 2.5
      • MBAM 2.0 to 2.5 Process: 2.0, 2.0 SP1, 2.5
      • Client can go from any version to the latest
  • 35.
      • User can postpone encryption until grace period.
      • Calculated based on when volume was determined to be non-compliant.
      • Value cleared when compliant
      • Non-compliance date pushed to MBAM db per volume, but not exposed in reports
      • Can help determine how long machines have been non-compliant
      • Fixed data drives encrypt after OS drive is compliant
  • 38. Feature Summary
      • Completely new server setup experience
      • Rich HA and DR support
      • Multi-forest/FQDN
      • Grace periods before policy enforcement
      • Automatic encryption after grace period expiration
      • PIN Complexity and Enhanced PIN support
      • FIPS support on Windows 7, 8, and 8.1
      • Perf improvements
      • Localization
  • 45. Feature, Account, Account Type, Description
      • Databases, Access Account (User or Group): User or group with read/write access to dbs. Web app pool credential should be the same account, or in the group specified.
      • Databases, Report Account (User or Group): User or group that has read only access to the compliance and audit data. Compliance and Audit DB credential should be the same account, or in the group specified.
      • Reports, Compliance And Audit DB Credential (User): User that the local SSRS instance will use to connect to the MBAM Compliance and Audit Database. The domain user in the credentials must be the same as the user account you specified for the Report Account parameter when enabling the databases. If you specified a domain user group for the Report Account parameter, this domain account credential must be a member of that group.
      • Reports, Reports Read Only Access Group (Group): Specifies the domain user group that has read access to the reports. The group you specify must be the same group you specified for the Reports Read Only Access Group parameter when the web apps are enabled.
      • Web Apps, Advanced Helpdesk Access Group (Group): Specifies the domain user group that has access to all areas of the Administration and Monitoring Website except the reports.
      • Web Apps, Helpdesk Access Group (Group): Specifies the domain user group that has access to the "Manage TPM" and "Drive Recovery" areas of the Administration and Monitoring Website.
      • Web Apps, Reports Read Only Access Group (Group): Specifies the domain user group that has read access to the Reports area of the Administration and Monitoring Website. The group you specify must be the same group you specified for the Reports Read Only Access Group parameter when enabling reports.
      • Web Apps, Web Service Application Pool Credential (User): Specifies the domain user that the application pool for the MBAM web applications will use. The user you specify must be the same domain user account you specified in the Access Account parameter when enabling databases, or a member of the group specified.
  • 46.
      • Enables Enhanced PIN
      • Supports Unicode characters – make sure preboot supports it! We don’t check!
      • Can force to ASCII only – better preboot compatibility
      • Prevents use of simple PINs (1234, 1111, etc)
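
The account relationships listed on slide 45 can be checked before any feature is enabled. The following preflight check is an added example, not code from the deck or from Microsoft; it calls no MBAM cmdlets, and every account name, group name, hashtable key and function name in it is a constructed assumption.

```powershell
# Added example. All CONTOSO names are constructed placeholders.
# Group membership is embedded so the check runs offline; in a real
# deployment it would be read from Active Directory.
$GroupMembers = @{
    'CONTOSO\MBAM-DB-RW'     = @('CONTOSO\svc-mbam-web')
    'CONTOSO\MBAM-Report-RO' = @('CONTOSO\svc-mbam-other')
}

# Planned values, one key per Feature/Account pair used by the checks.
$Plan = @{
    AccessAccount       = 'CONTOSO\MBAM-DB-RW'         # Databases
    ReportAccount       = 'CONTOSO\MBAM-Report-RO'     # Databases
    AuditDbCredential   = 'CONTOSO\svc-mbam-ssrs'      # Reports
    ReportsGroupReports = 'CONTOSO\MBAM-Report-Users'  # Reports
    ReportsGroupWebApps = 'CONTOSO\MBAM-Report-Users'  # Web Apps
    AppPoolCredential   = 'CONTOSO\svc-mbam-web'       # Web Apps
}

function Test-SameOrMember {
    # True when $User is the named account itself or a listed member of that group.
    param([string]$User, [string]$AccountOrGroup, [hashtable]$Members)
    if ($User -ieq $AccountOrGroup) { return $true }
    return [bool]($Members.ContainsKey($AccountOrGroup) -and ($Members[$AccountOrGroup] -icontains $User))
}

function Test-MbamAccountPlan {
    # Emits one finding per slide 45 relationship that the plan breaks.
    param([hashtable]$Plan, [hashtable]$Members)
    $pool  = $Plan.AppPoolCredential
    $audit = $Plan.AuditDbCredential
    if (-not (Test-SameOrMember $pool $Plan.AccessAccount $Members)) {
        "App pool credential '$pool' is not the Access Account or a member of it"
    }
    if (-not (Test-SameOrMember $audit $Plan.ReportAccount $Members)) {
        "Compliance and Audit DB credential '$audit' is not the Report Account or a member of it"
    }
    if ($Plan.ReportsGroupReports -ine $Plan.ReportsGroupWebApps) {
        'Reports Read Only Access Group differs between Reports and Web Apps'
    }
}

$findings = @(Test-MbamAccountPlan -Plan $Plan -Members $GroupMembers)
if ($findings.Count -eq 0) {
    'Plan is consistent with the slide 45 relationships.'
} else {
    $findings | ForEach-Object { "FINDING: $_" }
}
```

The constructed plan deliberately leaves the SSRS credential out of the Report Account group, so the second check reports a finding while the other two pass.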