Download microsoft bitlocker administration and monitoring management pack

Skip to main content This browser is no longer supported. Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support. High Level Architecture for MBAM 1.0 Article 08/30/2016 In this article -->Microsoft BitLocker Administration and Monitoring (MBAM) is a client/server data encryption solution that can help you simplify BitLocker provisioning and deployment, improve BitLocker compliance and reporting, and reduce support costs. MBAM includes the features that are described in this topic.Additionally, there is a video that provides an overview of the MBAM architecture and MBAM Setup. For more information, see MBAM Deployment and Architecture Overview.Architecture OverviewThe following diagram displays the MBAM architecture. The single-server MBAM deployment topology is shown to introduce the MBAM features. However, this MBAM deployment topology is recommended only for lab environments.Note At least a three-computer MBAM deployment topology is recommended for a production deployment. For more information about MBAM deployment topologies, see Deploying the MBAM 1.0 Server Infrastructure.Administration and Monitoring Server. The MBAM Administration and Monitoring Server is installed on a Windows server and hosts the MBAM Administration and Management website and the monitoring web services. The MBAM Administration and Management website is used to determine enterprise compliance status, to audit activity, to manage hardware capability, and to access recovery data, such as the BitLocker recovery keys. The Administration and Monitoring Server connects to the following databases and services:Recovery and Hardware Database. The Recovery and Hardware database is installed on a Windows-based server and supported SQL Server instance. This database stores recovery data and hardware information that is collected from MBAM client computers.Compliance and Audit Database. The Compliance and Audit Database is installed on a Windows server and supported SQL Server instance. This database stores compliance data for MBAM client computers. This data is used primarily for reports that are hosted by SQL Server Reporting Services (SSRS).Compliance and Audit Reports. The Compliance and Audit Reports are installed on a Windows-based server and supported SQL Server instance that has the SSRS feature installed. These reports provide Microsoft BitLocker Administration and Monitoring reports. These reports can be accessed from the MBAM Administration and Management website or directly from the SSRS Server.MBAM Client. The Microsoft BitLocker Administration and Monitoring Client performs the following tasks:Uses Group Policy to enforce the BitLocker encryption of client computers in the enterprise.Collects the recovery key for the three BitLocker data drive types: operating system drives, fixed data drives,

ข้ามไปยังเนื้อหาหลัก เบราว์เซอร์นี้ไม่ได้รับการสนับสนุนอีกต่อไป อัปเกรดเป็น Microsoft Edge เพื่อใช้ประโยชน์จากคุณลักษณะล่าสุด เช่น การอัปเดตความปลอดภัยและการสนับสนุนด้านเทคนิค Perform BitLocker management with MBAM 2.5 บทความ 06/16/2016 ในบทความนี้ -->After you plan for and then deploy Microsoft BitLocker Administration and Monitoring (MBAM), you can configure and use it to manage BitLocker Drive Encryption across your organization. The information in this article describes post-installation, day-to-day BitLocker encryption management tasks that are accomplished by using Microsoft BitLocker Administration and Monitoring.Reset a TPM lockoutA Trusted Platform Module (TPM) is a microchip that is designed to provide basic security-related functions, primarily involving encryption keys. The TPM is installed on the motherboard of a computer, and it communicates with the rest of the system by using a host bus adapter. On computers that incorporate a TPM, you can create cryptographic keys and encrypt them so that only the TPM can decrypted them.A TPM lockout can occur if a user enters the incorrect PIN too many times. The number of times that a user can enter an incorrect PIN before the TPM locks varies by manufacturer. You can use MBAM to access the centralized key recovery data system on the Administration and Monitoring website, where you can retrieve a TPM owner password file when you supply a computer ID and an associated user identifier.How to reset a TPM lockoutRecover drivesWhen you deal with the encryption of data, especially in a large organization, consider how that data can be recovered. For example, a hardware failure, changes in personnel, or other situations in which encryption keys can be lost.The encrypted drive recovery features in MBAM ensure that data can be captured and stored and that the required tools are available to access a BitLocker-protected volume when BitLocker goes into recovery mode, is moved, or becomes corrupted.How to recover a drive in recovery modeHow to recover a moved driveHow to recover a corrupted driveDetermine BitLocker encryption state of lost computersBy using MBAM, you can determine the last known BitLocker encryption status of computers that were lost or stolen.How to determine BitLocker encryption state of lost computersUse the Self-Service Portal to regain access to a computerIf end users get locked out of Windows by BitLocker, they can use the instructions in this section to get a BitLocker recovery key to regain access to their computer.How to use the Self-Service Portal to regain access to a computerRelated articlesOperations for MBAM 2.5 --> แหล่งทรัพยากรเพิ่มเติม ในบทความนี้

Skip to main content This browser is no longer supported. Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support. Manage MBAM Administrator Roles Article 06/16/2016 In this article -->After Microsoft BitLocker Administration and Monitoring (MBAM) Setup is complete for all server features, administrative users will have to be granted access to them. As a best practice, administrators who will manage or use Microsoft BitLocker Administration and Monitoring Server features should be assigned to Domain Services security groups, and then those groups should be added to the appropriate MBAM administrative local group.To manage MBAM Administrator Role membershipsAssign administrative users to security groups in Active Directory Domain Services.Add Active Directory security groups to the roles for MBAM administrative local groups on the MBAM server for the respective features.MBAM System Administrators have access to all MBAM features in the MBAM Administration and Monitoring website.MBAM Helpdesk Users have access to the Manage TPM and Drive Recovery options in the MBAM Administration and Monitoring website, but must fill in all fields when they use either option.MBAM Report Users have access to the Compliance and Audit reports in the MBAM Administration and Monitoring website.MBAM Advanced Helpdesk Users have access to the Manage TPM and Drive Recovery options in the MBAM Administration and Monitoring website, but are not required to fill in all fields when they use either option.For more information about roles for Microsoft BitLocker Administration and Monitoring, see Planning for MBAM 2.0 Administrator Roles.Administering MBAM 2.0 Features --> Additional resources In this article

Skip to main content This browser is no longer supported. Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support. Generating MBAM 2.5 stand-alone reports Article 11/01/2016 In this article -->When you configure Microsoft BitLocker Administration and Monitoring (MBAM) with the stand-alone topology, you can generate reports to monitor BitLocker drive encryption usage and compliance.For descriptions of the stand-alone reports, see Understanding MBAM 2.5 stand-alone reports. To open the Administration and Monitoring websiteOpen a web browser and navigate to the Administration and Monitoring website. The default URL for the Administration and Monitoring website is: the left pane, select Reports. From the top menu bar, select the report you want to run.MBAM client data is retained in the Compliance and Audit Database for historical reference in case a computer is lost or stolen. When running enterprise reports, we recommend that you use appropriate start and end dates to scope the time frames for the reports from one to two weeks to increase reporting data accuracy.After you generate a report, you can save the results in different formats, such as HTML, Microsoft Word, and Microsoft Excel.NoteConfigure SQL Server Reporting Services (SSRS) to use Secure Sockets Layer (SSL) before configuring the Administration and Monitoring website. If you don't configure SSRS to use SSL, when you configure the Administration and Monitoring website the URL for the Reports is set to HTTP instead of HTTPS. If you then go to the Administration and Monitoring website and select a report, the following message displays: "Only Secure Content is Displayed." To show the report, select Show All Content.To generate an Enterprise Compliance ReportFrom the Administration and Monitoring Website, select the Reports node from the left navigation pane, select Enterprise Compliance Report, and select the filters that you want to use. The available filters for the Enterprise Compliance Report are:Compliance Status. Use this filter to specify the compliance status types of the report (for example, Compliant or Noncompliant).Error State. Use this filter to specify the error state types of the report (for example, No Error or Error).Select View Report to display the selected report.Select a computer name to view information about the computer in the Computer Compliance Report.To view information about the volumes on the computer, select the plus sign (+) next to the computer name.To generate a Computer Compliance ReportFrom the Administration and Monitoring Website, select the Report node from the left navigation pane, and then select Computer Compliance Report. Use the Computer Compliance Report to search for User name or Computer name.Select View Report to view the Computer Compliance Report.Select a computer name to display more information about the computer in the Computer Compliance Report.To view information about the volumes