Presentation on theme: "WCL317 Disclaimer The information in this presentation relates to a pre-released product which may be substantially modified before it’s commercially."— Presentation transcript:
Manage Risks with Enhanced Security; Make People Productive Anywhere; Reduce Costs by Streamlining PC Management; Unified Lifecycle Management; Streamlined Application Delivery; Enhanced Security and Protection; Centralized Data Control and Compliance; Anywhere Productivity; Flexible Modern PC (Virtualization for PC with local apps and data)
Protect and manage threats
“Complete protection requires investments in both prevention and detection” Gartner Network Blog, 7/15/2010
Secure access to resources
“The majority of organizations consider roaming workers to be the weakest link... 65% reported … employees circumventing security features on their laptops. 45% reported... a security threat as a direct consequence of a roaming worker.” ScanSafe Roaming Security Survey, 4/10
“…misconfigurations continue to be a larger source of attack openings than actual software vulnerabilities” John Pescatore, Gartner Network Blog 9/1/10
“We will have more granular control over identity and access, so we can start providing users with self-service capabilities and extend secure collaboration to our partners.” Armand Martin, Enterprise Architect, Security, Dow Corning
Identity and configuration management
Operating System Volume; Removable Data Volumes; Fixed Data Volumes
When a device gets lost, we need to report whether the data was encrypted. I need a simple way to check.
The process of encrypting assets with BitLocker can be difficult. I need a simpler way to make it happen.
Determining compliance can be difficult. I need an easy way to determine organizational compliance.
When users lose keys to secured volumes, their productivity is blocked. We need a key recovery process.
There is a large set of policy options for BitLocker. I’d like a simplified means to make the right choices.
Goals are:
1. Simplify provisioning and deployment
2. Improve compliance and reporting
3. Reduce support costs
How it works:
1. Before MBAM starts encryption, it verifies the computer is capable (make/model)
2. As new computers are identified in the org, they are added to the list on MBAM servers
3. Website allows IT pros to move computers from unknown to capable or not-capable state
4. When this feature is ON, only computers that are ‘capable’ will be encrypted
[Architecture diagram; labels: MBAM Client; Group Policy: AD, AGPM; HTTPS; Recovery Password Data; Compliance Data; Key Recovery Service; Compliance Service; Helpdesk UX for Key Recovery; Compliance Reports; Central Administration]
Need to know the last known state of a lost computer?
Need to know how effective your rollout is? Or how compliant your company is?
Need to know who has accessed keys and when, and when new hardware has been added?
[Architecture diagram; labels: MBAM Client; Group Policy: AD, AGPM; HTTPS; Recovery Password Data; Compliance Data; Compliance Service; Key Recovery Service; Helpdesk UX for Key Recovery; Compliance Reports; Central Administration]
Demo
Server Requirements
  Administration Website & Web Services
    Windows 2008 Server w/ SP2; Windows 2008 Server R2; (x64|x86)
    Windows SKUs: Standard, Enterprise, Data Center, or Web Server
    Web Server Role (Internet Information Services (IIS))
    Application Server Role (ASP.NET, etc.)
    Microsoft .NET Framework version 3.5 SP1
  Database Server
    SQL Server 2008; SQL Server 2008 R2 (Standard, Enterprise, Datacenter)
    Encrypted Database (TDE) requires Enterprise or Datacenter
  Hardware Requirements
    Min requirements for Windows and SQL Server will be satisfactory for all components
    Disk Foot Print: < 10MB on Server and Client Roles
    Performance: Minimal over time on Server and Client Roles; + BitLocker
    Final hardware requirements to be determined
Client Requirements
  Windows 7 Enterprise or Ultimate
  Hardware Requirements
    TPM v1.2 for O/S encryption
MDOP Compatibility & Management
  Microsoft Application Virtualization (App-V)
  Microsoft Enterprise Desktop Virtualization (MED-V)
Reduce Support Costs
  Microsoft System Center Desktop Error Monitoring (DEM)
  Microsoft Diagnostics and Recovery Toolset (DaRT)
Improve Asset Management
  Microsoft Asset Inventory Service (AIS)
Improve Policy Control
  Microsoft Advanced Group Policy Management (AGPM)