November 6, 2012 11:00 am

Announcing Microsoft BitLocker Administration and Monitoring (MBAM) 2.0 – Beta 2

Just a few weeks ago I read an interesting study that was conducted by Imation Corp., a global storage and data security company, that included a state by state (United States) analysis of a data breach notification laws and penalties. In the study they ranked states from least to most strict.

What caught my eye is the fact that the states that are often recognized as having the strictest data breach laws and penalties actually tend to rank in the middle or even bottom of stack when it comes to just how strict their laws actually are. To give you some perspective, in one of these states, a well-known hospital is facing a class action lawsuit seeking more than $200 million in damages after 10 unencrypted backup disks were lost. This particular state ranked in the bottom 25 percent of all US states. Imagine what the penalties could have been if the hospital were located in a state that ranked in top 10 percentile! Upon a bit more research, I learned that nearly 25 percent of all states had passed – or attempted to pass – new data breach legislation in 2011. I think this proves that the rules and stakes for data security are rapidly changing and there couldn’t be a more important time to ensure your understanding of data breach laws, and protect your corporate and customer data from the ramifications of a potential breach.

The good news is that data protection is an important investment area for us here at Microsoft. As you may already know, Microsoft BitLocker Administration and Monitoring 1.0 (MBAM) – which has been on the market for over a year and is included in the Microsoft Desktop Optimization Pack (MDOP) 2012 for Software Assurance customers – can be used to mitigate or eliminate risks associated with a data breach. MBAM enhances BitLocker and BitLocker to Go by simplifying the process of provisioning encryption to devices, helping you maintain and report on compliance, and finally, it can help reduce the costs of supporting encryption on your devices.

Earlier this year, Microsoft furthered its commitment to data protection with the announcement of MBAM 2.0 Beta 1, and today, we are excited to announce MBAM 2.0 Beta 2 (also known as Beta Refresh) which is now available for download. The primary goals for version 2.0 include improving MBAM’s ability to help reduce the costs of provisioning and managing BitLocker, and with the recent release of Windows 8 on October 26th, the second goal is to make  compliance reporting  for Windows 7 and Windows 8 easier for IT organizations overall.

There are a number of features in MBAM 2.0 that have been designed help reduce the costs of provisioning, managing and supporting BitLocker. The key features that we expect will make the largest impact in your organization include:

  • Self Service Portal: Previously introduced in Beta 1, but updated in Beta 2, Self Service Portal helps IT managers perform the most common support tasks on their own without the assistance of the help desk
  • Integration of MBAM into System Center Configuration Manager 2007 and 2012: Also updated in Beta 2, Configuration Manager integration of MBAM enables organizations to run several aspects of MBAM within the Configuration Manager management infrastructure that have already been deployed.
  • Simplified Provisioning: Windows 8 includes a more robust set of instrumentation for managing a device’s Trusted Platform Module (TPM) which has traditionally complicated the BitLocker provisioning process. New to Beta 2, these complexities have been completely eliminated which will enable your organization to be able to automate the provisioning of BitLocker encryption within your Windows 8 deployment and imaging process.

To achieve our second goal related to securing data on the device we have made improvements to the compliance reports. Based on user feedback of MBAM 1.0, we have updated reporting so that devices are only listed as non-compliant when they’re in a state that is less secure than what the encryption policies require. This differs from MBAM 1.0 where compliance was based on strict adherence to policy and resulted in devices appearing non-complaint even when they were in a more secure configuration than was required by policy.

As you can imagine we’re very excited to have shipped Beta 2 and I encourage your organization to download it and tell us what you think. For those of you who are using Beta 1, an in-place upgrade will make it easy to migrate your existing deployment to Beta 2, allowing you to install the update without removing the previous version.

To learn more about how Microsoft BitLocker Administration and Monitoring (MBAM) and other products from the Microsoft Desktop Optimization Pack (MDOP) can help your business, visit For a deeper dive into MBAM 2.0 Beta 2 visit our blog post on Springboard.

Updated November 8, 2014 1:18 am