BitLocker For The Enterprise
Windows 8 will deliver a totally revamped and enterprise-ready version of MBAM, Microsoft's BitLocker Administration and Monitoring drive encryption technology. "Version 1.0 didn't come with robust enterprise management [capabilities]; it had no reporting and no basic management for keys," said Chris Hallum, senior product manager for Windows client security. According to Hallum, the new version will include compliance reporting for individual PCs and complete organizations, easier key provisioning and a self-service portal for key retrieval. And help desk staff will no longer need access to Active Directory to help with key retrieval. The tool also will implement a hard deadline for enforcement of protection policies. "Before, a user could postpone drive encryption protection indefinitely. Now you can set an end date for that." Integrated with SCCM 2007 and 2012, MBAM is now aware of the UEFI boot process and can force-boot a trusted, signed OS and prevent malware from getting in first.