DEVICE PROTECTION DATA PROTECTION Protect data when device
- Slides: 50
DEVICE PROTECTION: Protect data when device is lost or stolen
DATA PROTECTION: Accidental data leakage
SHARING PROTECTION: Protect data when it is shared
Lost Laptops – ADDING TERROR TO PLAYBOOK
Over 12,000 laptops lost in airports every week
“It’s staggering to learn that up to 600,000 laptops are lost in U.S. airports annually, many containing sensitive information that companies must account for.” Larry Ponemon
Source: “New Study Reveals Up To 12,000 Laptop Computers Lost Weekly and up to 600,000 lost annually in U.S. Airports”, Ponemon.org, June 20, 2008
Full volume Encryption
• OS volumes
• Fixed data drives (like a separate hard drive or partition)
• Removable drives
Recovery
• Recovery Keys
• DRA
Used Disk Space Pre-provisioning
• Encrypts used disk space
• Pre-provisioning – speeds up encryption by turning on in WinPE
• TPM must be enabled and owned
TPM 1.2 – Main spec in use. Random lockout thresholds and attempts.
TPM 2.0 – On by default. Consistent lockout.
§ Integrates BitLocker Enactment into existing deployment tools
§ Grace period for enactment
§ Prompts for PIN or Password
§ Escrows recovery information and TPM OwnerAuth
Compliance Reporting
§ Encryption status reporting per volume on each computer
§ View overall compliance for your organization
§ View reports standalone in System Center Configuration Manager
Recovery
§ Helpdesk recovery
§ Self service recovery
§ Retrieve TPM OwnerAuth to unlock TPM
MBAM CLIENT FLOW: INSTALL MBAM CLIENT → APPLY MBAM POLICY → ENACTS BITLOCKER → REPORTS COMPLIANCE
Deployment Management Industry Compat
§ Introduced scripts to support imaging
§ Built cmdlets to import BitLocker and TPM data from AD
§ Added automatic TPM unlock when BitLocker is recovered
§ Consolidated and simplified server logging
§ Added Windows 10 support
§ Added Encrypted HDD
§ Supported International Domain Names
§ Supported Win 7 FIPS Recovery Password
§ Included prompting for PIN after imaging
§ Improved TPM OwnerAuth Escrow
Customization
§ Added ability to direct customers to SSP from BitLocker recovery screen
§ Allowed SSP branding capability during setup
§ Increased supported client languages to 23
§ Updated reports schema to allow customization using Report Builder
• Process
• Volume Support
• Escrow/Reporting
• Error Handling
Written in PowerShell; compatible with PowerShell v2
Easy to use with MDT, SCCM, or standalone
Invoke-MbamClientDeployment.ps1 – The main script that your deployment system will call to configure MBAM and enable BitLocker.

Parameter                          Type      Description
-RecoveryServiceEndpoint           Required  MBAM recovery service endpoint
-StatusReportingServiceEndpoint    Optional  MBAM status reporting service endpoint
-EncryptionMethod                  Optional  Encryption method (default: AES 128)
-EncryptAndEscrowDataVolume        Switch    Specify to encrypt data volume(s) and escrow data volume recovery key(s)
-WaitForEncryptionToComplete       Switch    Specify to wait for the encryption to complete
-IgnoreEscrowOwnerAuthFailure      Switch    Specify to ignore TPM OwnerAuth escrow failure
-IgnoreEscrowRecoveryKeyFailure    Switch    Specify to ignore volume recovery key escrow failure
-IgnoreReportStatusFailure         Switch    Specify to ignore status reporting failure
.\Invoke-MbamClientDeployment.ps1 -RecoveryServiceEndpoint https://mbam.contoso.com/MBAMRecoveryAndHardwareService/CoreService.svc `
    -StatusReportingServiceEndpoint https://mbam.contoso.com/MBAMComplianceStatusService/StatusReportingService.svc `
    -EncryptAndEscrowDataVolume -EncryptionMethod AES256 -WaitForEncryptionToComplete
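A post-enactment check for the deployment command above, as an added example that is not part of the deck or of MBAM: it flags volumes that are not fully encrypted with the requested method or that have no recovery password protector to escrow. Test-VolumeCompliance is a hypothetical helper, the sample volumes are constructed, and it assumes PowerShell 3.0 or later with the property names returned by Get-BitLockerVolume.

```powershell
# Added example: audit BitLocker volumes after enactment.
# Test-VolumeCompliance and -RequiredMethod are hypothetical names, not MBAM's.
function Test-VolumeCompliance {
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        $Volume,
        [string]$RequiredMethod = 'Aes256'
    )
    process {
        $issues = @()
        if ($Volume.VolumeStatus -ne 'FullyEncrypted') {
            $issues += "status is $($Volume.VolumeStatus) ($($Volume.EncryptionPercentage)%)"
        }
        if ($Volume.ProtectionStatus -ne 'On') {
            $issues += 'protection is suspended or off'
        }
        if ($Volume.EncryptionMethod -ne $RequiredMethod) {
            $issues += "method is $($Volume.EncryptionMethod), expected $RequiredMethod"
        }
        # Collect protector type names; a volume with no recovery password
        # has nothing that could have been escrowed for helpdesk recovery.
        $types = @($Volume.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
        if ($types -notcontains 'RecoveryPassword') {
            $issues += 'no RecoveryPassword protector'
        }
        [pscustomobject]@{
            MountPoint = $Volume.MountPoint
            Compliant  = ($issues.Count -eq 0)
            Issues     = ($issues -join '; ')
        }
    }
}

# Constructed sample volumes shaped like Get-BitLockerVolume output.
$sample = @(
    [pscustomobject]@{
        MountPoint = 'C:'; VolumeStatus = 'FullyEncrypted'; EncryptionPercentage = 100
        ProtectionStatus = 'On'; EncryptionMethod = 'Aes256'
        KeyProtector = @([pscustomobject]@{ KeyProtectorType = 'Tpm' },
                         [pscustomobject]@{ KeyProtectorType = 'RecoveryPassword' })
    },
    [pscustomobject]@{
        MountPoint = 'D:'; VolumeStatus = 'EncryptionInProgress'; EncryptionPercentage = 42
        ProtectionStatus = 'Off'; EncryptionMethod = 'Aes128'
        KeyProtector = @([pscustomobject]@{ KeyProtectorType = 'ExternalKey' })
    }
)
$sample | Test-VolumeCompliance | Format-Table -AutoSize -Wrap
```

On a live client with the BitLocker module available, pipe `Get-BitLockerVolume` into the function instead of `$sample`.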
As Easy As 1… 2… 3!
§ MBAM agent works its magic
§ § rights
Read-ADRecoveryInformation -Server contoso.com -Credential $cred -Recurse | Add-ComputerUser -FromComputerManagedBy | Write-MBAMRecoveryInformation -RecoveryServiceEndPoint https://mbamiis.contoso.com/MBAMRecoveryAndHardwareService/CoreService.svc
Read-ADTpmInformation -Server contoso.com -Credential $cred -Recurse | Add-ComputerUser -FromComputerUserMapping (Import-Csv ComputerToUserMapping.csv) | Write-MBAMTpmInformation -RecoveryServiceEndPoint https://mbamiis.contoso.com/MBAMRecoveryAndHardwareService/CoreService.svc
Advanced Helpdesk
• Enters Recovery Key ID
Helpdesk
• User domain and user name
• Enters Recovery Key ID
Self Service
• Logs into domain joined PC
• Windows Integrated Auth
• Provides Recovery Key ID
• User hits BitLocker Recovery Screen
• Recovers key from SSP or helpdesk portal
• Key is marked as disclosed
• MBAM service wakes up and detects key was disclosed
• Checks if TPM is locked out
• Automatically unlocks if MBAM has TPM OwnerAuth
• Audited in client event log and MBAM audit reports
§ MBAM 2.5 SP1 makes it even easier to deploy and manage BitLocker on your devices
BRK3340 App-V 5.0 SP3: Advanced Connection Groups – Thurs 17:00
BRK3317 Creating a Seamless User Experience with Microsoft UE-V and Windows 10 – Fri 12:30
BRK3304 Managing Windows 10 Using Group Policy with In the Box, Microsoft and 3rd Party Tools – Wed 9:00
BRK3144 Microsoft Office 365 ProPlus: Have It Your Way! – Fri 12:30
BRK3868 Fundamentals of Microsoft Azure RemoteApp Management and Administration – Tues 13:30
http://myignite.microsoft.com