Managing BitLocker With MBAM



Olav Tvedt                                           Reidar Johansen
Consigliore                           Senior Infrastructure Consultant
STEP Member, MVP Setup & Deployment
AGENDA

• What Is BitLocker
• Why Use Disk Encryption
• BitLocker News In Windows 8
• BitLocker With MBAM
• BitLocker With MBAM And SCCM
What Is BitLocker

Encrypts
• Operating System Drive
• Fixed Data Drive
• Removable Data Drive

Checks For Changes To (measured by the TPM at boot; a change forces recovery mode)
• BIOS
• System/Startup Files
Why Use Disk Encryption?
BitLocker Modes

Basic Mode:
• TPM only
• Password only (Windows 8, OS drive without TPM)
Advanced Modes:
• TPM + PIN
• TPM + USB Dongle (startup key)
• USB Dongle (startup key) only
• TPM + PIN + USB Dongle
BitLocker Is Vulnerable When:

• The disk has not yet been fully encrypted (the unconverted part is still plaintext)
• You don't use a PIN (a TPM-only volume unlocks automatically at boot, so the key is in RAM before anyone logs on),
  especially if the computer has or might get a DMA-capable port:
  - FireWire (IEEE 1394)
  - Thunderbolt
• A fake BIOS/pre-boot screen is used to phish the PIN
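As an added example (it is not part of the deck), the PowerShell function below checks one volume for the weak states just listed, using the Win32_EncryptableVolume WMI class that manage-bde is built on: encryption not finished, a TPM-only protector with no pre-boot authentication, no recovery password to escrow, and DMA-capable controllers present. The protector type table and the device-name match for FireWire/Thunderbolt are assumptions made for this example; the drive letter is a parameter.

```powershell
# Added example, not from the slide deck. Audits one volume for the weak states
# listed above. Run in an elevated PowerShell on the machine being checked.

# KeyProtectorType codes returned by Win32_EncryptableVolume.GetKeyProtectorType
# (table assumed for this example; 1 = TPM-only is the case to flag)
$ProtectorTypes = @{
    0 = 'Unknown'; 1 = 'TPM'; 2 = 'RecoveryPassword'; 3 = 'StartupKey'
    4 = 'TPM+PIN'; 5 = 'TPM+StartupKey'; 6 = 'TPM+PIN+StartupKey'
    7 = 'PublicKey'; 8 = 'Passphrase'
}

function Get-BitLockerWeakness {
    param([string]$DriveLetter = 'C:')

    $vol = Get-WmiObject -Namespace 'root\CIMV2\Security\MicrosoftVolumeEncryption' `
        -Class Win32_EncryptableVolume -Filter "DriveLetter='$DriveLetter'"
    if (-not $vol) { throw "No encryptable volume found for $DriveLetter" }

    $findings = @()

    # 1. Encryption not finished: the unconverted region is still plaintext.
    #    ConversionStatus: 0 decrypted, 1 encrypted, 2 encrypting, 3 decrypting,
    #    4 encryption paused, 5 decryption paused
    $conv = $vol.GetConversionStatus()
    if ($conv.ConversionStatus -ne 1) {
        $findings += "Not fully encrypted (status $($conv.ConversionStatus), " +
                     "$($conv.EncryptionPercentage)% done)"
    }

    # 2. Protector inventory. A TPM-only protector unlocks the volume before
    #    anyone types anything, so a stolen machine boots to the logon screen
    #    with the key in RAM, which is what FireWire/Thunderbolt DMA attacks read.
    $types = @()
    $ids = $vol.GetKeyProtectors(0).VolumeKeyProtectorID   # 0 = every type
    if ($ids) {
        foreach ($id in $ids) {
            $code = [int]$vol.GetKeyProtectorType($id).KeyProtectorType
            $types += $ProtectorTypes[$code]
        }
    }
    $preBootAuth = @($types | Where-Object { $_ -match 'PIN|StartupKey|Passphrase' })
    if (($types -contains 'TPM') -and $preBootAuth.Count -eq 0) {
        $findings += 'TPM-only protector: no PIN or startup key required before boot'
    }
    if ($types -notcontains 'RecoveryPassword') {
        $findings += 'No recovery password protector: nothing for the helpdesk to escrow'
    }

    # 3. DMA-capable controllers that make the TPM-only case practical to attack.
    #    Matching on the device name is a heuristic assumed for this example.
    $dma = @(Get-WmiObject Win32_PnPEntity |
        Where-Object { $_.Name -match '1394|FireWire|Thunderbolt' })
    if ($dma.Count -gt 0) {
        $names = ($dma | Select-Object -ExpandProperty Name) -join ', '
        $findings += "DMA-capable controller present: $names"
    }

    New-Object PSObject -Property @{
        Drive      = $DriveLetter
        Protectors = $types
        Findings   = $findings
    }
}

Get-BitLockerWeakness -DriveLetter 'C:' | Format-List
```

An empty Findings list means the volume is fully encrypted, needs a PIN, startup key or password before boot, and has a recovery password that can be escrowed. A machine that reports a TPM-only protector together with a 1394 or Thunderbolt controller is the exact combination the slide warns about.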
BitLocker Requirements

• A computer running:
  - Windows 7 Enterprise/Ultimate
  - Windows 8 Pro/Enterprise
  - Windows Server 2008 R2
  - Windows Server 2012
• With TPM:
  - A Trusted Computing Group (TCG)-compliant BIOS
  - TPM microchip version 1.2 (turned on)
  - TPM must be resettable from the operating system
• Without TPM, removable storage to hold the startup key:
  - USB
  - Floppy
  - Memory Card
Enable BitLocker On A Virtual Machine For TESTING:
1. Set "Allow BitLocker without compatible TPM" in a GPO
2. Create a virtual floppy disk
3. Enable BitLocker with manage-bde:
      cscript C:\Windows\System32\manage-bde.wsf -on C: -rp -sk A:
4. Restart and it will start to encrypt

Windows 8 can run with a password directly in a virtual environment
http://olavtvedt.blogspot.com/2012/01/running-bitlocker-on-virtual-computer.html
http://vninja.net/virtualization/creating-virtual-floppy-vsphere/
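The four lab steps above as one PowerShell script, added here as an example; it is not taken from the deck or from the linked blog posts. It assumes an elevated session and a virtual floppy already attached as A:. In place of the GPO it writes the registry values that the "Require additional authentication at startup" policy sets when "Allow BitLocker without a compatible TPM" is ticked (those value names are an assumption for the example), and it calls manage-bde.exe, which replaced the manage-bde.wsf script from Windows 7 on.

```powershell
# Added example, not from the slide deck: the four lab steps above as one script.
# Assumes an elevated session and a virtual floppy already attached as A:.

function Enable-BitLockerForLab {
    param([string]$Drive = 'C:', [string]$StartupKeyDrive = 'A:')

    # Step 1. Stand-in for the GPO: these are the values the
    # 'Require additional authentication at startup' policy writes when
    # 'Allow BitLocker without a compatible TPM' is ticked (assumed here).
    $fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
    if (-not (Test-Path $fve)) { New-Item -Path $fve -Force | Out-Null }
    Set-ItemProperty -Path $fve -Name 'UseAdvancedStartup' -Value 1 -Type DWord
    Set-ItemProperty -Path $fve -Name 'EnableBDEWithNoTPM' -Value 1 -Type DWord
    foreach ($name in 'UseTPM', 'UseTPMPIN', 'UseTPMKey', 'UseTPMKeyPIN') {
        Set-ItemProperty -Path $fve -Name $name -Value 2 -Type DWord   # 2 = allow
    }

    # Step 2 is done in the hypervisor (attach the floppy); just verify it is there.
    if (-not (Test-Path "$StartupKeyDrive\")) { throw "$StartupKeyDrive is not mounted" }

    # Step 3. Recovery password (-rp) plus an external startup key (-sk) written
    # to the floppy. manage-bde prints the 48-digit recovery password once;
    # capture it, since it is the only way in if the .BEK file on A: is lost.
    $out = & manage-bde.exe -on $Drive -rp -sk $StartupKeyDrive
    if ($LASTEXITCODE -ne 0) { throw ("manage-bde failed:`n" + ($out -join "`n")) }
    $match = $out | Select-String -Pattern '(\d{6}-){7}\d{6}' | Select-Object -First 1
    if (-not $match) { throw 'manage-bde did not print a recovery password' }

    # Step 4. Encryption of a non-TPM volume starts after the next restart
    # (a hardware test runs first); follow progress with: manage-bde -status C:
    New-Object PSObject -Property @{
        Drive            = $Drive
        RecoveryPassword = $match.Matches[0].Value
        StartupKeyFiles  = (Get-ChildItem "$StartupKeyDrive\" -Filter *.BEK -Force |
                            Select-Object -ExpandProperty Name)
    }
}

$result = Enable-BitLockerForLab -Drive 'C:' -StartupKeyDrive 'A:'
$result | Format-List
Write-Host 'Record the recovery password before rebooting; the restart starts encryption.'
```

The .BEK startup key is written as a hidden system file, which is why the listing uses -Force. Keep the floppy image and the recovery password apart from the VM: with both missing, the test volume cannot be unlocked after the reboot.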
BitLocker News In Windows 8
Overview


• Support for failover cluster and SAN storage
• BitLocker pre-provisioning
• Used disk space-only encryption
• Standard user PIN and password selection
• BitLocker Network Unlock
BitLocker News In Windows 8
BitLocker pre-provisioning


• Enable BitLocker from WinPE, before the OS is installed
• A random volume encryption key is generated but stored unprotected (clear key) until protectors are added
• Needs to be activated (TPM/PIN/recovery protectors added) after deployment to protect the key
Microsoft BitLocker Administration and Monitoring (MBAM)
BITLOCKER WITH MBAM
What is Microsoft BitLocker Administration and Monitoring (MBAM)?

MBAM builds on the BitLocker data protection offering in Windows 7 by
providing IT professionals with an enterprise-grade solution for BitLocker
provisioning, monitoring, and key recovery.

GOALS ARE:
1. Simplify provisioning and deployment
2. Provide reporting (e.g.: compliance & audit)
3. Reduce support costs (e.g.: improved recovery)
Prerequisites For Server

Operating System:
Windows Server 2008 SP2 (x86/x64)
Windows Server 2008 R2
Windows Server 2012 (some issues with the web components in beta)
Database:
Compliance and Audit Report Server
  Microsoft SQL Server 2008 R2 Std/Ent/Dev
Recovery and Hardware Database Server
  Microsoft SQL Server 2008 R2 Enterprise only
  Security reason: the recovery database is protected with Transparent Data Encryption (TDE), an Enterprise-edition feature
Installing MBAM

• Single-computer configuration
 - Everything on a single server.
 - Supported, but only recommended for testing purposes.
• Three-computer configuration
 - Recovery and Hardware Database, Compliance Status Database, and Compliance and
   Audit Reports features are installed on one server
 - Administration and Monitoring Server feature is installed on a second server
 - Group Policy template is installed on a server or client computer.
• Five-computer configuration
Each server feature is installed on a dedicated computer:
- Recovery and Hardware Database
- Compliance Status Database
- Compliance and Audit Reports
- Administration and Monitoring Server
- Group Policy Template is installed on a server or client computer
Prerequisites For Clients

• A computer running:
  - Windows 7 Enterprise/Ultimate
  - Windows 8 Enterprise (Pro will work but not covered with SA license)
• A Trusted Computing Group (TCG)-compliant BIOS
• TPM microchip version 1.2 (turned on)
• TPM must be resettable from the operating system
MBAM Client

Encrypt volumes BEFORE a user receives the computer
Works with Windows 7 deployment tools (MDT/SCCM)
Client can:
- Manage the TPM reboot process
- Be configured with TPM first and PIN later (e.g.: user provides PIN at first logon)
- Bypass recovery key escrow during deployment and escrow the key when the user first logs on
Best Practice

Encrypt volumes AFTER a user receives a computer
Client provides a policy-driven experience
Client will manage the TPM reboot process
Standard or admin users can encrypt
Use this path when unencrypted machines appear on the network
MBAM Policy Settings

A superset of the BitLocker policies
New MBAM policies:
• Policy for fixed disk volume auto-unlock
• Hardware capability check before encryption
• Allow user to request an exemption
• Interval at which the client verifies policy compliance (default = 90 min)
Policy location:
Computer Configuration > Administrative Templates > Windows Components > MDOP MBAM (BitLocker Management)
Client Experience
Compliance and Reporting

• MBAM agent collects and passes data to the reporting server
  (All clients report, encrypted or not, so IT can see WHY a computer is not compliant)
• Built on SQL Server Reporting Services (SSRS), it gives you flexibility to add your own reports

Questions the reports answer:
• Need to know the last known state of a lost computer?
• Need to know how effective your rollout is, or how compliant your company is?
• Who accessed keys and when, and when was new hardware added?
Central Storage of Recovery Key

Recovery key(s) are escrowed for:
• Operating System Volume
• Fixed Data Volumes
• Removable Data Volumes
Stored outside of Microsoft Active Directory

3-Tier Architecture
• DB encrypted with SQL Server's Transparent Data Encryption
• Web Service API to build org-specific solutions
• All logging and authorization are done at the web service layer to ensure parity for custom apps
Helpdesk Key Recovery UI

MBAM provides a web page for helpdesk functionality
• Provide BitLocker recovery key for authorized users
• Provide TPM unlock package for authorized users
• All requests (successful or not) are logged: who, when, which volume

Role-based authorization model to get recovery info
• Tier 1: Helpdesk needs to have a person/key match
• Tier 2: Key ID is sufficient (limited role)

Create your own custom page leveraging the web service layer
Single Use Recovery Keys

Once a BitLocker recovery key has been exposed (e.g. looked up by the helpdesk),
the client will create a new one
As part of regular client/server communication, the client checks to
see if its recovery key has been exposed
If so, the MBAM client creates a new one and escrows it
Transparent to the user
The new recovery key is created once the volume has been unlocked
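What the single-use behaviour means in practice, as an added example rather than the MBAM agent's own code: the recovery password protector on a volume is replaced and the replacement escrowed before the exposed one is deleted. The script uses manage-bde, which is available without an MBAM deployment, and escrows to Active Directory with -adbackup; the MBAM client instead posts the new key to its recovery database over the web service. The function names and the ordering of the steps are this example's choices.

```powershell
# Added example, not from the slide deck. Rotates the recovery password of one
# volume the way a single-use key policy requires, with manage-bde in place of
# the MBAM agent/web service. Escrow goes to Active Directory (-adbackup);
# the MBAM client would instead post it to the recovery database.

function Get-RecoveryPasswordIds {
    param([string]$Drive)
    # manage-bde prints one block per protector:
    #   Numerical Password:
    #     ID: {GUID}
    #     Password: 123456-...
    $text = (& manage-bde.exe -protectors -get $Drive -type RecoveryPassword) -join "`n"
    [regex]::Matches($text, 'ID:\s*(\{[0-9A-Fa-f-]{36}\})') |
        ForEach-Object { $_.Groups[1].Value }
}

function Invoke-RecoveryPasswordRotation {
    param([string]$Drive = 'C:')

    $old = @(Get-RecoveryPasswordIds -Drive $Drive)

    # 1. Add the replacement first, so there is never a moment with no
    #    recovery protector on the volume.
    & manage-bde.exe -protectors -add $Drive -RecoveryPassword | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'Could not add a new recovery password' }
    $new = @(Get-RecoveryPasswordIds -Drive $Drive | Where-Object { $old -notcontains $_ })
    if ($new.Count -ne 1) { throw "Expected one new protector, found $($new.Count)" }

    # 2. Escrow the new one before the old one is touched. If escrow fails,
    #    keep the old protector: losing the only escrowed key is a bigger risk
    #    than keeping an exposed one a little longer.
    & manage-bde.exe -protectors -adbackup $Drive -id $new[0] | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "Escrow of $($new[0]) failed; old protector kept" }

    # 3. Only now retire the exposed protector(s).
    foreach ($id in $old) {
        & manage-bde.exe -protectors -delete $Drive -id $id | Out-Null
        if ($LASTEXITCODE -ne 0) { Write-Warning "Could not delete $id" }
    }

    New-Object PSObject -Property @{ Drive = $Drive; Retired = $old; Active = $new[0] }
}

Invoke-RecoveryPasswordRotation -Drive 'C:' | Format-List
```

The add-escrow-delete order is the point: deleting first and adding afterwards leaves a window in which a failed escrow strands the machine with a recovery password nobody has a copy of. Any helpdesk printout of the old password is now useless, which is exactly why the slide calls the keys single-use.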
BitLocker With MBAM And SCCM
Overview

• Eliminates the MBAM compliance infrastructure; view
  compliance status and reports in the SCCM console.
• Setup integrates three elements in SCCM:
  - Desired Configuration Management components:
    two Configuration Items (CIs) and one Baseline
  - One Collection
  - Four Reports
BitLocker With MBAM And SCCM
Integration Components explained

• Collection, re-evaluated every 12 hours, finds computers with a
  supported OS (Win7 Ent/Ult and Win8) that are physical
  and have TPM 1.2 or higher.
• Configuration Baseline verifies compliance based
  on what is defined in Group Policy.
• The CIs collect details and evaluate compliance
  status for computers.
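An added example (not from the deck and not the MBAM installer's own collection) of the membership rule the collection above needs, created with the ConfigMgr PowerShell cmdlets. It assumes the cmdlets are loaded so a CMSite drive exists, that the configuration.mof/sms_def.mof changes from the installation slides expose the TPM inventory class to WQL as SMS_G_System_TPM with a SpecVersion attribute, and that "physical" can be approximated by excluding models containing "Virtual"; all three are assumptions for this example.

```powershell
# Added example, not from the deck or the MBAM installer. Creates a device
# collection with the membership rule described above: supported OS, physical
# hardware, TPM 1.2 or higher, re-evaluated every 12 hours.
# Assumptions: ConfigMgr cmdlets are loaded (a CMSite drive exists) and the
# MBAM MOF extension publishes the TPM inventory class as SMS_G_System_TPM.

$collectionName = 'MBAM Supported Computers'

$wql = @"
select SMS_R_System.ResourceId, SMS_R_System.Name
from SMS_R_System
inner join SMS_G_System_OPERATING_SYSTEM
    on SMS_G_System_OPERATING_SYSTEM.ResourceId = SMS_R_System.ResourceId
inner join SMS_G_System_COMPUTER_SYSTEM
    on SMS_G_System_COMPUTER_SYSTEM.ResourceId = SMS_R_System.ResourceId
inner join SMS_G_System_TPM
    on SMS_G_System_TPM.ResourceId = SMS_R_System.ResourceId
where (SMS_G_System_OPERATING_SYSTEM.Caption like '%Windows 7 Enterprise%'
    or SMS_G_System_OPERATING_SYSTEM.Caption like '%Windows 7 Ultimate%'
    or SMS_G_System_OPERATING_SYSTEM.Caption like '%Windows 8%')
  and SMS_G_System_COMPUTER_SYSTEM.Model not like '%Virtual%'
  and (SMS_G_System_TPM.SpecVersion like '1.2%'
    or SMS_G_System_TPM.SpecVersion like '2.0%')
"@

# Switch to the site drive the ConfigMgr module creates (e.g. PS1:)
$site = Get-PSDrive -PSProvider CMSite | Select-Object -First 1
Set-Location "$($site.Name):"

$every12h = New-CMSchedule -RecurInterval Hours -RecurCount 12
if (-not (Get-CMDeviceCollection -Name $collectionName)) {
    New-CMDeviceCollection -Name $collectionName `
        -LimitingCollectionName 'All Systems' `
        -RefreshType Periodic -RefreshSchedule $every12h | Out-Null
}
Add-CMDeviceCollectionQueryMembershipRule -CollectionName $collectionName `
    -RuleName 'Supported OS, physical, TPM 1.2+' -QueryExpression $wql

# Windows 8 Pro matches the Caption filter above. The client prerequisites
# note that Pro works but is not covered by the SA licence, so narrow the
# filter to 'Windows 8 Enterprise' if that matters for your estate.
```

The TPM join is the part that silently empties the collection when the MOF edits were not applied: without the Win32_Tpm class in hardware inventory there is no SMS_G_System_TPM row for any machine, and the inner join returns nothing. Checking the collection's member count after the first inventory cycle is the quickest way to confirm the MOF step worked.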
BitLocker With MBAM And SCCM
Reports explained


• BitLocker Computer Compliance
   Look at an individual computer's compliance status
• BitLocker Enterprise Compliance Dashboard
   Four views: compliance status, non-compliant error distribution,
   compliance status by drive type, top 10 non-compliant hardware
• BitLocker Enterprise Compliance Details
   Compliance status of the enterprise
• BitLocker Enterprise Compliance Summary
   Summary of each computer's state with drill-down based on state
BitLocker With MBAM And SCCM
Installation


• Make sure MBAM server and databases are in
  working order, then on SCCM server(s):
• Edit configuration.mof and import sms_def.mof
    Look at documentation here:
    https://connect.microsoft.com/MDOPTAP
• Enable the Win32_Tpm class
BitLocker With MBAM And SCCM
Installation


• Start ServerMBAMsetup.exe, and after initial steps,
    choose Topology System Center Configuration
    Manager Integration:
BitLocker With MBAM And SCCM
Installation


• Provided the other features are up and running on
    other servers, choose only System Center CM
    Integration feature:
BitLocker With MBAM And SCCM
Task Sequence


• With SCCM SP1 BitLocker support for Windows 8
  and Server 2012 has been added to the Task
  Sequence.
• In the Client Settings you can choose to Suspend
  BitLocker PIN entry on restart.
THE END!

SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfAddepto
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 

Kürzlich hochgeladen (20)

Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Training state-of-the-art general text embedding
Training state-of-the-art general text embeddingTraining state-of-the-art general text embedding
Training state-of-the-art general text embedding
 
The Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdfThe Future of Software Development - Devin AI Innovative Approach.pdf
The Future of Software Development - Devin AI Innovative Approach.pdf
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Gen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdfGen AI in Business - Global Trends Report 2024.pdf
Gen AI in Business - Global Trends Report 2024.pdf
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 

Managing bitlocker with MBAM

12. BitLocker News In Windows 8
Overview
• Support for failover cluster and SAN storage
• BitLocker pre-provisioning
• Used disk space-only encryption
• Standard user PIN and password selection
• BitLocker Network Unlock
13. BitLocker News In Windows 8
BitLocker pre-provisioning
• Enable BitLocker before OS is installed
• Random encryption key stored unprotected
• Needs to be activated to protect key
14. Microsoft BitLocker Administration and Monitoring (MBAM)
BITLOCKER WITH MBAM
15. What is Microsoft BitLocker Administration and Monitoring (MBAM)?
MBAM builds on the BitLocker data protection offering in Windows 7 by providing IT professionals with an enterprise-grade solution for BitLocker provisioning, monitoring, and key recovery.
GOALS ARE:
1. Simplify provisioning and deployment
2. Provide reporting (e.g.: compliance & audit)
3. Reduce support costs (e.g.: improved recovery)
16. Prerequisites For Server
Operating System:
• Windows Server 2008 SP2 (x86/x64)
• Windows Server 2008 R2
• Windows Server 2012 (some issues with web in beta)
Database:
• Compliance and Audit Report Server: Microsoft SQL Server 2008 R2 Std/Ent/Dev
• Recovery and Hardware Database Server: Microsoft SQL Server 2008 R2 Enterprise only
  Security reason: Transparent Data Encryption (TDE)
17. Installing MBAM
• Single computer configuration
  - Everything on a single server.
  - Supported, but only recommended for testing purposes.
• Three-computer configuration
  - Recovery and Hardware Database, Compliance and Audit Reports, and Compliance and Audit Reports features are installed on a server
  - Administration and Monitoring Server feature is installed on a server
  - Group Policy template is installed on a server or client computer.
• Five-computer configuration: each server feature is installed on dedicated computers:
  - Recovery and Hardware Database
  - Compliance Status Database
  - Compliance and Audit Reports
  - Administration and Monitoring Server
  - Group Policy Template is installed on a server or client computer
18. Prerequisites For Clients
• A computer running:
  - Windows 7 Enterprise/Ultimate
  - Windows 8 Enterprise (Pro will work but is not covered by the SA license)
• A Trusted Computing Group (TCG)-compliant BIOS
• TPM microchip version 1.2 (turned on)
• TPM must be resettable from the operating system
19. MBAM Client
Encrypt volumes BEFORE a user receives the computer
• Works with Windows 7 deployment tools (MDT/SCCM)
• Client can:
  - Manage the TPM reboot process
  - Be configured with TPM first and PIN later (e.g.: user provides PIN at first logon)
• Recovery key escrow can be bypassed and then escrowed when the user first logs on
Best Practice: Encrypt volumes AFTER a user receives a computer
• Client provides a policy-driven experience
• Client will manage the TPM reboot process
• Standard or Admin users can encrypt
• Only use when unencrypted machines appear on the network
20. MBAM Policy Settings
• A superset of BitLocker policies
• New MBAM policies:
  - Policy for Fixed Disk Volume Auto-unlock
  - Hardware capability check before encryption
  - Allow user to request an exemption
  - Interval at which the client verifies policy compliance (default = 90 min)
• Policy location: Computer Configuration > Administrative Templates > Windows Components > MDOP MBAM (BitLocker Management)
22. Compliance and Reporting
• MBAM agent collects and passes data to the reporting server (all clients pass this up, encrypted or not; IT can clarify WHY a computer is not compliant)
• Built on SQL Server® Reporting Services (SSRS), it gives you flexibility to add your own reports
Need to know how effective your rollout is, or how compliant your company is? Who has accessed keys and when, and when new hardware has been added? Need to know the last known state of a lost computer?
23. Central Storage of Recovery Key
• Recovery Key(s) are escrowed for:
  - Operating System Volume
  - Fixed Data Volumes
  - Removable Data Volumes
• Stored outside of Microsoft Active Directory®
• 3-Tier Architecture
• DB encrypted with SQL Server’s Transparent Data Encryption
• Web Service API to build org-specific solutions
• All logging and authorization are done at the web service layer to ensure parity for custom apps
24. Helpdesk Key Recovery UI
• MBAM provides a web page for helpdesk functionality
  - Provide BitLocker Recovery Key for authorized users
  - Provide TPM unlock package for authorized users
• All requests (successful or not) are logged: who, when, which volume
• Role based authorization model to get recovery info
  - Tier 1: Helpdesk needs to have person/key match
  - Tier 2: Key ID is sufficient (limited role)
• Create your own custom page leveraging the web service layer
25. Single Use Recovery Keys
• Once a BitLocker Recovery Key has been exposed, the client will create a new one
  - As part of regular client/server communication, the client checks to see if the Recovery Key has been exposed
  - MBAM client will create a new one
  - Transparent to user
• Recovery Keys are created once a volume is unlocked
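The rotation the MBAM client performs on an exposed key, replayed by hand with the Windows BitLocker PowerShell module. This is an added example, not the MBAM agent's own code; it assumes Windows 8 or later with admin rights, that Group Policy allows AD DS escrow for Backup-BitLockerKeyProtector (MBAM escrows to its own database instead), and that the exposed protector id comes from the helpdesk audit log.

```powershell
# Added example, not from the slide deck or MBAM: replace one disclosed recovery password
# so that the disclosed value stops working, without ever leaving the volume unrecoverable.
function Update-ExposedRecoveryPassword {
    param(
        [string]$MountPoint = 'C:',
        [Parameter(Mandatory = $true)][string]$ExposedKeyProtectorId   # id from the helpdesk log
    )
    $before   = Get-BitLockerVolume -MountPoint $MountPoint
    $knownIds = @($before.KeyProtector | ForEach-Object { $_.KeyProtectorId })
    $exposed  = $before.KeyProtector | Where-Object {
        $_.KeyProtectorType -eq 'RecoveryPassword' -and $_.KeyProtectorId -eq $ExposedKeyProtectorId
    }
    if (-not $exposed) { throw "No recovery password protector $ExposedKeyProtectorId on $MountPoint" }

    # 1. Create the replacement first so the volume never lacks a recovery path.
    Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
    $after = Get-BitLockerVolume -MountPoint $MountPoint
    $new   = $after.KeyProtector | Where-Object {
        $_.KeyProtectorType -eq 'RecoveryPassword' -and $knownIds -notcontains $_.KeyProtectorId
    }

    # 2. Escrow the new protector before the old one goes away. The 48-digit password is in
    #    $new.RecoveryPassword; it is deliberately not written to output or logs here.
    Backup-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $new.KeyProtectorId | Out-Null

    # 3. Only now retire the exposed protector; the disclosed password stops unlocking the volume.
    Remove-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $ExposedKeyProtectorId | Out-Null

    [pscustomobject]@{ MountPoint = $MountPoint; RetiredId = $ExposedKeyProtectorId; NewId = $new.KeyProtectorId }
}

# Constructed placeholder id; a real one is the KeyProtectorId shown in the helpdesk log (slide 24).
# Update-ExposedRecoveryPassword -MountPoint 'C:' -ExposedKeyProtectorId '{00000000-0000-0000-0000-000000000000}'
```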
27. BitLocker With MBAM And SCCM
Overview
• Eliminates the MBAM compliance infrastructure; view compliance status and reports in the SCCM Console.
• Setup integrates three elements in SCCM:
  - Desired Configuration Management Components
  - Two Configuration Items / CIs
  - One Baseline
  - One Collection
  - Four Reports
28. BitLocker With MBAM And SCCM
Integration Components explained
• Collection, evaluated every 12 hours, finds computers that run a supported OS (Win7 Ent/Ult and Win8), are physical, and have TPM 1.2 or higher.
• Configuration Baseline verifies compliance based on what is defined in Group Policy.
• The CIs collect details and evaluate compliance status for computers.
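A local version of what the collection and the CIs evaluate (slides 20 and 28): TPM level from the Win32_Tpm class that the integration inventories, and OS-volume state checked against a policy. This is an added example, not the MBAM or SCCM code; the policy values are constructed assumptions, and it needs Windows 8 or later with admin rights.

```powershell
# Added example, not from the slide deck, MBAM or SCCM: evaluate one client against a small policy.
$Policy = @{
    # Acceptable OS-drive unlock methods (slide 7); 'Tpm' alone is left out because of slide 8.
    AllowedUnlockProtectors = @('TpmPin', 'TpmStartupKey', 'TpmPinStartupKey')
    RequireRecoveryPassword = $true   # needed so a key can be escrowed for helpdesk recovery
    RequireFullEncryption   = $true   # slide 8: a partially encrypted disk is still exposed
    MinimumTpmSpecVersion   = 1.2     # what the SCCM collection filters on
}

function Get-TpmInventory {
    # Same WMI class the integration enables in sms_def.mof (slide 30).
    $tpm = Get-CimInstance -Namespace 'root\cimv2\Security\MicrosoftTpm' -ClassName Win32_Tpm -ErrorAction SilentlyContinue
    if (-not $tpm) { return $null }
    # SpecVersion looks like "1.2, 2, 3" or "2.0, 0, 1.16"; the first field is the spec level.
    [pscustomobject]@{
        SpecVersion = [double](($tpm.SpecVersion -split ',')[0].Trim())
        Enabled     = [bool]$tpm.IsEnabled_InitialValue
        Activated   = [bool]$tpm.IsActivated_InitialValue
        Owned       = [bool]$tpm.IsOwned_InitialValue
    }
}

function Test-BitLockerCompliance {
    param([hashtable]$Policy)
    $findings = New-Object 'System.Collections.Generic.List[string]'

    # Hardware capability check before encryption (slide 20 policy item).
    $tpm = Get-TpmInventory
    if (-not $tpm) { $findings.Add('No TPM reported by Win32_Tpm') }
    else {
        if ($tpm.SpecVersion -lt $Policy.MinimumTpmSpecVersion) { $findings.Add("TPM spec $($tpm.SpecVersion) is below $($Policy.MinimumTpmSpecVersion)") }
        if (-not ($tpm.Enabled -and $tpm.Activated -and $tpm.Owned)) { $findings.Add('TPM is not enabled, activated and owned') }
    }

    # Volume state, as the CIs evaluate it against Group Policy (slide 28).
    $os = Get-BitLockerVolume | Where-Object { $_.VolumeType -eq 'OperatingSystem' }
    if (-not $os) { $findings.Add('No operating system volume found') }
    else {
        if ($os.ProtectionStatus -ne 'On') { $findings.Add("Protection is $($os.ProtectionStatus) on $($os.MountPoint)") }
        if ($Policy.RequireFullEncryption -and $os.EncryptionPercentage -lt 100) { $findings.Add("Only $($os.EncryptionPercentage)% of $($os.MountPoint) is encrypted") }
        $types = @($os.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
        if (-not ($types | Where-Object { $Policy.AllowedUnlockProtectors -contains $_ })) {
            $findings.Add("No allowed unlock protector (found: $($types -join ', '))")
        }
        if ($Policy.RequireRecoveryPassword -and $types -notcontains 'RecoveryPassword') { $findings.Add('No recovery password protector to escrow') }
    }

    [pscustomobject]@{ ComputerName = $env:COMPUTERNAME; Compliant = ($findings.Count -eq 0); Findings = $findings.ToArray() }
}

Test-BitLockerCompliance -Policy $Policy | Format-List
```

A non-compliant result lists every failed check, which is the "WHY a computer is not compliant" detail slide 22 says the reports should surface.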
29. BitLocker With MBAM And SCCM
Reports explained
• BitLocker Computer Compliance: look at an individual computer's compliance status
• BitLocker Enterprise Compliance Dashboard: four views: Compliance status, Non-Compliant – error distribution, Compliance status by drive type, Top 10 non compliant hardware
• BitLocker Enterprise Compliance Details: compliance status of the enterprise
• BitLocker Enterprise Compliance Summary: summary of each computer's state with drill-down based on state
30. BitLocker With MBAM And SCCM
Installation
• Make sure the MBAM server and databases are in working order, then on the SCCM server(s):
• Edit configuration.mof and import sms_def.mof (look at the documentation here: https://connect.microsoft.com/MDOPTAP)
• Enable the Win32_Tpm class
31. BitLocker With MBAM And SCCM
Installation
• Start ServerMBAMsetup.exe and, after the initial steps, choose the Topology "System Center Configuration Manager Integration":
32. BitLocker With MBAM And SCCM
Installation
• Provided the other features are up and running on other servers, choose only the System Center CM Integration feature:
33. BitLocker With MBAM And SCCM
Task Sequence
• With SCCM SP1, BitLocker support for Windows 8 and Server 2012 has been added to the Task Sequence.
• In the Client Settings you can choose to suspend BitLocker PIN entry on restart.
34. THE END!
Olav Tvedt, Consigliore, STEP Member, MVP Setup & Deployment
Reidar Johansen, Senior Infrastructure Consultant