Disclaimer
The information in this presentation relates to a pre-released product which may be substantially modified before it's commercially released. The information contained represents the current view of Microsoft Corporation on the issues discussed as of the date of the presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of the presentation. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this presentation. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this information does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
© 2010 Microsoft Corporation. All rights reserved.
Slide 4
Manage Risks with Enhanced Security
Make People Productive Anywhere
Reduce Costs by Streamlining PC Management
Unified Lifecycle Management
Streamlined Application Delivery
Enhanced Security and Protection
Centralized Data Control and Compliance
Anywhere Productivity
Flexible Modern PC (Virtualization for PC with local apps and data)
Slide 5
Protect and manage threats
"Complete protection requires investments in both prevention and detection" (Gartner Network Blog, 7/15/2010)
Secure access to resources
"The majority of organizations consider roaming workers to be the weakest link... 65% reported employees circumventing security features on their laptops. 45% reported... a security threat as a direct consequence of a roaming worker." (ScanSafe Roaming Security Survey, 4/10)
"misconfigurations continue to be a larger source of attack openings than actual software vulnerabilities" (John Pescatore, Gartner Network Blog, 9/1/10)
"We will have more granular control over identity and access, so we can start providing users with self-service capabilities and extend secure collaboration to our partners." (Armand Martin, Enterprise Architect, Security, Dow Corning)
Identity and configuration management
Slide 6
Operating System Volume
Removable Data Volumes
Fixed Data Volumes
Slide 7
When a device gets lost, we need to report whether the data was encrypted. I need a simple way to check.
The process of encrypting assets with BitLocker can be difficult. I need a simpler way to make it happen.
Determining compliance can be difficult. I need an easy way to determine organizational compliance.
When users lose keys to secured volumes, their productivity is blocked. We need a key recovery process.
There is a large set of policy options for BitLocker. I'd like a simplified means to make the right choices.
Slide 8
Goals are:
1 Simplify provisioning and deployment
2 Improve compliance and reporting
3 Reduce support costs
Slide 9
Slide 10
Slide 11
Slide 12
Slide 13
How it works:
1 Before MBAM starts encryption, it verifies the computer is capable (make/model)
2 As new computers are identified in the org, they are added to the list on MBAM servers
3 Website allows IT pros to move computers from unknown to capable or not-capable state
4 When this feature is ON, only computers that are capable will be encrypted
Slide 14
Recovery Password Data
Compliance Data
HTTPS
MBAM Client
Group Policy: AD, AGPM
Key Recovery Service
Helpdesk UX for Key Recovery
Compliance Reports
Central Administration
Compliance Service
Slide 15
Demo
MBAM Client
Group Policy: AD, AGPM
Slide 16
Need to know the last known state of a lost computer?
Need to know how effective your rollout is? Or how compliant your company is?
Who has accessed keys and when, and when new hardware has been added?
Slide 17
Slide 18
Search by: User or Computer
Lets you know if a computer is compliant or not
Slide 19
Shows you the changes made through the Hardware Compatibility page
Used when you enable the Hardware Compatibility Management policy
Slide 20
Who has been requesting recovery information
Slide 21
Slide 22
MBAM Client
Group Policy: AD, AGPM
Compliance Data
HTTPS
Compliance Service
Compliance Reports
Central Administration
Demo
Slide 23
Slide 24
Slide 25
Slide 26
Slide 27
Slide 28
Recovery Password Data
Compliance Data
HTTPS
MBAM Client
Group Policy: AD, AGPM
Compliance Service
Key Recovery Service
Helpdesk UX for Key Recovery
Compliance Reports
Central Administration
Demo
Slide 29
Server Requirements
Administration Website & Web Services
  Windows 2008 Server w/ SP2; Windows 2008 Server R2; (x64|x86)
  Windows SKUs: Standard, Enterprise, Data Center, or Web Server
  Web Server Role (Internet Information Services (IIS))
  Application Server Role (ASP.NET, etc.)
  Microsoft .NET Framework version 3.5 SP1
Database Server
  SQL Server 2008; SQL Server 2008 R2 (Standard, Enterprise, Datacenter)
  Encrypted Database (TDE) requires Enterprise or Datacenter
Hardware Requirements
  Min requirements for Windows and SQL Server will be satisfactory for all components
  Disk Footprint: < 10 MB on Server and Client Roles
  Performance: Minimal over time on Server and Client Roles; + BitLocker
  Final hardware requirements to be determined
Client Requirements
  Windows 7 Enterprise or Ultimate
Hardware Requirements
  TPM v1.2 for O/S encryption
Slide 30
MDOP
Compatibility & Management
  Microsoft Application Virtualization (App-V)
  Microsoft Enterprise Desktop Virtualization (MED-V)
Reduce Support Costs
  Microsoft System Center Desktop Error Monitoring (DEM)
  Microsoft Diagnostics and Recovery Toolset (DaRT)
Improve Asset Management
  Microsoft Asset Inventory Service (AIS)
Improve Policy Control
  Microsoft Advanced Group Policy Management (AGPM)
Slide 31
Slide 32
Sessions On-Demand & Community: www.microsoft.com/teched
Microsoft Certification & Training Resources: www.microsoft.com/learning
Resources for IT Professionals: http://microsoft.com/technet
Resources for Developers: http://microsoft.com/msdn
Connect. Share. Discuss.: http://northamerica.msteched.com
Slide 33