DC-B312 BitLocker Improvements in Windows 8 MBAM 2.0 Investment Areas and Key New Features Deploying MBAM 2.0MBAM 2.0 End User Experience.

Slides:

Advertisements

Similar presentations

3/29/2017 1:10 AM © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or.

Advertisements

Agenda Human Process + System Automation Better together Demos Identify self service opportunities Enable cloud through automation Key Takeaways.

Experiences with Service Manager and Orchestrator.

Contains: Monitoring configuration: MPs, rules, monitors, discoveries, etc. Configuration & inventory data Performance data State data Alerts.

Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and data across devices, anywhere.

Fluffy’s Safe Right? If you want to limit a user’s functionality, don’t make them an administrator.

UD-B302 Lighting, HVAC, … 75% IT 25% PCs, Laptops, Monitors $28b Network $18b Servers $14b Printers $13b $90b Telecom $10b Other $7b Commercial Energy.

Agenda Orchestrator - Components Orchestrator – For the ConfigMgr Admin.

DV-B306 One with Windows More Apps in More Places Modern Managemen t.

Bug Fixes Reduce costs (e.g.: Self Service) Reduce costs (e.g.: Simplified Recovery) Integrating with existing systems (e.g.: SCCM) Provide.

-ConfigMgr Scripting history -Introduction to the ConfigMgr SP1 & PowerShell -Scenarios & Demos.

Appetizers Each MVP will present one tantalizing appetizer to whet your appetite for more. Please save all questions for the end. P.S. We’re here all.

WCL317 Disclaimer The information in this presentation relates to a pre-released product which may be substantially modified before it’s commercially.

4/15/ :16 PM © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or.

DV-B307 Personal & flexible  App and OS personalization roam across Windows  Syncs are smart and logins are fast  Application or OS reconfiguration.

Agenda Overcome flat budgets Coping with relentless growth Meeting increasing business demands Managing escalating complexity Maintaining service levels.

3 5 Cisco UCS™ Manager (Read / Write Configuration Interfaces) UCS Manager GUI and CLI Cisco UCS Fabric Interconnects (Read Only / Cut Through Interfaces)

Service Manager Operations Manager Configuration Manager Data Protection Manager Virtual Machine Manager App Controller Orchestrator Active Directory.

About me About this session Agenda Computer User.

AI-B301 Topics A quick note: There is a lot of information in this session, too much in fact! Slides are heavy and designed for you to review. We’ll.

VMware vCenter Server Module 4.

Something special about Benjamin Session Objectives and Takeaways.

Patch Deployment Patch Creation Vulnerability Scanning Vulnerability Intelligence.

Agenda Advanced Query Techniques Agenda Taming SQL Performance issues.

Not what you are looking for? Head to another session now!

Devices & Experiences Users Want Applications and data across devices, anywhere Controlled access to data with seamless authentication.

Windows Store apps Provisioning Installation.

Leader in Cloud Services Enablement and Desktop Virtualization 900+ employees worldwide 100+ patents granted or pending 200+ partnerships include Microsoft,

Session Objectives and Takeaways Scenario End UserAdministrator Art needs to quickly install an application to edit a diagram that he needs to update.

IM-B201 Traditional Virtualized Private Cloud Public Cloud  Windows  Linux  UNIX  Windows  Linux  UNIX  Windows  Linux  Windows  Linux.

Boot processCapable of USB boot Firmware USB boot enabled. (PCs certified for use with Windows 7 or Windows 8 can be configured to boot directly.

Customizing the Browser Browser Management Deployment MethodsApp Compat.

Increase the level of Service Pack to the supported level IMPACT.

LinuxUNIX Red HatSUSECentOSUbuntuDebianOracleAIXHP-UXSolaris Configuration Manager * * * * * * Endpoint Protection No Plans.

Not what you are looking for? Head to another session now!

Global Foundation Services (GFS) Malware Protection Center Microsoft Security Response Center (MSRC)

MANAGEMENT ANTIMALWARE PLATFORM Microsoft Malware Protection Center Dynamic Signature Svc Available only in Windows 8 Endpoint Protection Management.

“With System Center 2012, we have much more granular insight into and control over the services we’re delivering to the business. This is critical.

IM-B401 Dashboard Samples shown today can be found at

UD-B305 Features and Solutions Used User Centric Application Delivery Macintosh Client Management Orchestrator Runbooks Software Update Point List.

IM-B391 Agenda Getting Metrics Out From Database Servers.

Pre-Talk Q&A piecing it together fabric design and configuration.

REQUIREMENTS WORKING SOFTWARE Misunderstood requirements Conflicting priorities Unmet user expectations Can’t get actionable feedback Disparate management.

Co-facilitator Denver user group Blog at  Code examples from this presentation.

Microsoft NDA Confidential Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and.

Online Snapshots Disk-Based Backup Active Directory Tape-Based Backup SC DPM Up to Every 15 minutes Disaster Recovery with offsite replication and.

SD-B309 Session Objectives And Takeaways Check us out on Visit our blog: Watch us:

Five issues, commonly addressed on the forums and mailing lists Boundaries Client identity Business hours and maintenance windows Deployment type.

Enabling users to be productive, responsibly Finding the right balance Devices & Experiences Users Want Applications and data across devices, anywhere.

Integrated Platform Virtual applications work like installed applications Virtual applications use Windows standards No dedicated drive letter.

Not what you are looking for? Head to another session now!

Demos Components Resources Generic Command Execution SQL Profiles Application Hosts Service Settings Lifecycle Create Template Customize Deploy Service.

Software Update Groups Update Deployments Assign updates to clients Define when, where, how, who Update Packages.

ADK ComponentConfiguration Manager Site System Windows Deployment ToolsCentral Administration Site Server Primary Site Server All SMS Provider.

Agenda Data center challenges Main central themes facing every IT decision maker today Overcome flat budgets Cope with relentless growth Meet increased.

Lost Data and Files Recovery Planning Distributed Workforce System Failures Traditional approaches to machine recovery don’t meet the needs of a.

Session Objectives And Takeaways Our Service Why Use the Portal?

Complete your session evaluations today and enter to win prizes daily. Provide your feedback at a CommNet kiosk or log on at.

On Premises Storage Servers Networking O/S Middleware Virtualization Data Applications Runtime You manage Infrastructure (as a Service) Storage Servers.

DC-B301 Agenda Can you afford not to Migrate? What is USMT 5.0?

ConfigMgr Environment 2007 Hierarchy 2007 Hierarchy (Simplified View)

© 2008 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED,

Stop following incidents Register and analyze Describe your tasks step by step Make it part of your DNA If you know what you did the last month you.

High Density Virtualization Low Density or No Virtualization All features Unlimited virtual instances Processor-based license All features Two virtual.

Session Objectives And Takeaways Agenda Monitor and manage servers 30+ Azure Hosted Services 10 global data center facilities & 6 domains 110+

Agenda Is your company using Windows Azure? Dev vs Ops and the Modern Application.

TechReady 16 5/22/2018 © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks.

Presentation transcript:

DC-B312

BitLocker Improvements in Windows 8 MBAM 2.0 Investment Areas and Key New Features Deploying MBAM 2.0MBAM 2.0 End User Experience

What is Microsoft BitLocker Administration and Monitoring? MBAM 1.0 objectives: MBAM 2.0 improved 1.0 functionality and adds additional focus on: “ We can use MBAM v1.0 to get greater value from BitLocker. We can ensure that BitLocker is enabled and that we are compliant with corporate encryption mandates without taxing our employees or IT staff.” Bob Johnson Director of IT, BT U.S. and Canada Improving compliance and security Integrating with existing systems ( e.g.: SCCM ) Reducing costs ( e.g.: Self Service, Simplified Deployment ) Simplify provisioning and deployment Provide reporting ( e.g.: compliance & audit ) Reduce costs ( e.g.: Simplified Recovery )

Configuration Manager Integration Compliance reporting integrated to CM environment Hardware compatibility & targeting via CM collections Offload MBAM client reporting workload to CM client Windows 8 Support Windows 8 Enterprise support Non-TPM / Windows To Go Support Bitlocker Pre-Provisioning support Self Service Information Worker able to retrieve Recovery Key via Portal Recovery Keys protected with Access Control Auditing of all Recovery Key access Customer Feedback More pre-req flexibility (TDE, SPNs, SQL Server) Improved encryption flow & Smarter compliance calculation Improved scalability and performance

Active Directory Domain Services & Group Policy Infrastructure GPO Recovery Web Service Reporting Web Service Web Services Audit & Compliance SQL Database Reporting Web Site SSRS Compliance Reports HelpDesk Portal Client Computer Self-service Portal Portals Self-service Web Service Recovery MBAM Client and BitLocker Admin Web Service Portals Web Services SQL Database Compliance Reports

Configuration Manager Active Directory Domain Services & Group Policy Infrastructure GPO Recovery Web Service Web Services Audit SQL Database Management Console SSRS HelpDesk Portal Client Computer Self-service Portal Portals Self-service Web Service Recovery MBAM Client and BitLocker Admin Web Service ConfigMgr Database Compliance ConfigMgr Agent

MBAM 2.0 improvements Server configurations recommended for 1.0 ranged from single to five server Performance and scalability improvements allows simpler configurations Improved performance: A 2 box set up with recommended specs can support a 200k+ environment without issues. MSIT is using that configuration for all Microsoft SQL Standard Support : TDE is not a requirement anymore so SQL Standard can be used Improved VSSWriter: New implementation supports backups without impacting availability

Hardware ComponentMinimum RequirementRecommended Requirement Processor2.33 GHz2.33 GHz or greater RAM8 GB12 GB Free disk space1 GB2 GB Hardware ComponentMinimum RequirementRecommended Requirement Processor2.33 GHz2.33 GHz or greater RAM8 GB12 GB Free disk space5 GB5 GB or greater 2-server standalone topology to support at least 200,000 clients: Web server: SQL Server: 3-server CM integrated topology to support at least 200,000 clients: Web server: SQL Server : Hardware ComponentMinimum RequirementRecommended Requirement Processor2.33 GHz2.33 GHz or greater RAM4 GB8 GB Free disk space5 GB5 GB or greater Hardware ComponentMinimum RequirementRecommended Requirement Processor2.33 GHz2.33 GHz or greater RAM4 GB8 GB Free disk space1 GB2 GB Hardware ComponentMinimum RequirementRecommended Requirement Processor2.33 GHz2.33 GHz or greater RAM4 GB8 GB Free disk space5 GB5 GB or greater One Box (standalone and CM) topology for Lab Testing only:

Two deployment modes available Stand Alone Configuration Manager Integrated Stand alone mode Similar to MBAM v1 model – SQL Server Database contains databases for Recovery Keys and Audit/Compliance Configuration manager integrated mode Compliance DB and Reporting are integrated to CM infrastructure Compliance information is reported via CM Agent/DCM Agent distribution is facilitated via out of the box collection Key Recovery and Audit DB remain in SQL similar to Stand Alone

Update Servers Uninstall server bits and keep databases Install new server bits pointing to existing databases For CM mode this includes importing MOF file and verifying that agent collection meets your environment Update group policy Choose protectors and related options using MBAM templates Define server locations, intervals and exemption policy Deploy new Agent For CM mode this includes deploying DCM Compliance will use 2.0 logic

Standard Users Can: Encrypt Computers Change PIN Change Passwords Control Panel Applet: PINs and Passwords Consider hiding original BitLocker Control Panel to make it difficult to: Decrypt devices Suspend encryption

Enhanced Compliance and Security MBAM prevents reuse of BitLocker recovery keys Recovery keys are marked for reset after they’re exposed Client periodically checks to see if key reset is required Recovery keys reset after client obtains network connectivity

Who and when recovery keys have been accessed and by whom? Need to know how effective your rollout is, or how compliant your company is? Need to know the last known state of a lost computer?

Complete your session evaluations today and enter to win prizes daily. Provide your feedback at a CommNet kiosk or log on at Upon submission you will receive instant notification if you have won a prize. Prize pickup is at the Information Desk located in Attendee Services in the Mandalay Bay Foyer. Entry details can be found on the MMS website.