technical solutions and commentary

Today – Feb 9, 2011 – Microsoft announced a new tool for organizations using BitLocker to secure their data called Microsoft BitLocker Administration and Monitoring. In the tradition of Microsoft the acronym for the tool is MBAM.

MBAM enable an enterprise solution for BitLocker provisioning, monitoring and key recovery for Windows 7 Enterprise PCs. The tool is designed to simplify provisioning and deployment of BitLocker on machines and improve compliance through reporting and reduce support costs.

Some key points of this new tool":

• For new deployments of Windows 7 Enterprise, the MBAM client can be integrated into the task sequence in MDT or in SCCM or other Windows 7 deployment tools. The client then automates the encryption process as part of the PC deployment.
• For Windows 7 Enterprise clients that have already been deployed, the MBAM agent provides a standard user the ability to start the encryption process.  This enhances the BitLocker out-of-box experience where the end user must have administrative rights to accomplish this.
• Either way, administrators can also excuse machines from BitLocker encryption by make and model.
• Administrators can generate reports on machines that are encrypted using BitLocker and meet the organizations security policies.
• Machines with the MBAM agent can send BitLocker recovery keys to an encyrpted SQL Database as an option. Whereas, up until this point the recovery keys where stored in Active Directory.
• The MBAM tool optionally provides a web page that can enable help desk personnel to get the user’s recovery key if they get into BitLocker recovery mode. The help desk will not longer require into Active Directory to be able to get the recovery keys.
• When a recovery key is used, the MBAM client will automatically generate a new recovery key for that PC so that the original key cannot be used to gain access to the machine again.
• MBAM allows an end user with standard user rights to perform basic BitLocker tasks like changing their PIN or start the encryption process.

MBAM will be available to Software Assurance customers through the Microsoft Desktop Optimization Pack in the future. No RTM date has been announced. A public beta version will be available in March 2011.If you want to be notified when the beta is open, you can sign up here.

you can read the official blog announcement in a Q&A format here: http://windowsteamblog.com/windows/b/springboard/archive/2011/02/09/microsoft-announces-microsoft-bitlocker-administration-and-monitoring-mbam.aspx