title | description | author | ms.assetid | ms.reviewer | manager | ms.author | ms.pagetype | ms.mktglfcycl | ms.sitesec | ms.prod | ms.date |
---|---|---|---|---|---|---|---|---|---|---|---|
Administering MBAM 2.0 Features |
Administering MBAM 2.0 Features |
dansimp |
065e0704-069e-4372-9b86-0b57dd7638dd |
dansimp |
dansimp |
mdop, security |
manage |
library |
w10 |
06/16/2016 |
After completing all necessary planning and then deploying Microsoft BitLocker Administration and Monitoring (MBAM), you can configure and use it to manage BitLocker encryption across the enterprise The information in this section describes post-installation day-to-day Microsoft BitLocker Administration and Monitoring feature operations tasks.
After MBAM Setup is complete for all server features, administrative users have to be granted access to them. As a best practice, administrators who will manage or use MBAM server features should be assigned to Active Directory Domain Services security groups, and then those groups should be added to the appropriate MBAM administrative local group.
How to Manage MBAM Administrator Roles
MBAM lets you grant encryption exemptions to specific users who do not need or want their drives encrypted. Computer exemption is typically used when a company has computers that do not have to be encrypted, such as computers that are used in development or testing, or older computers that do not support BitLocker. In some cases, local law may also require that certain computers are not encrypted.
How to Manage User BitLocker Encryption Exemptions
MBAM provides a custom control panel, called BitLocker Encryption Options, that will appear under System and Security. The MBAM control panel can be used to unlock encrypted fixed and removable drives, and also manage your PIN or password.
Note This customized control panel does not replace the default Windows BitLocker control panel.
How to Manage MBAM Client BitLocker Encryption Options by Using the Control Panel