MBAM Integration Questions

Question
I am looking for some feedback on MBAM's integration with ConfigMgr. It isn't clear to me how MBAM+ConfigMgr differs from a standalone MBAM deployment and what exactly the benefits are. Hopefully someone can point me in the right direction. It's probably worth noting that today I'm handling BitLocker without MBAM - using AD for recovery. I already use ConfigMgr baselines and the BitLocker HINV classes for reporting.
Based on the reading I've done this is how I see things:
MBAM 2.0 Standalone
- MBAM Database Server (Recovery / Audit)
- MBAM Web Server (Admin / Monitoring)
- MBAM client gets deployed - gathers data - handles encryption.
MBAM 2.0 + ConfigMgr 2012
- ConfigMgr 2012 infrastructure (Primary Site Server + Database server in my case)
- MBAM Database Server (Recovery / Audit)
- MBAM Web Server (Admin / Monitoring)
- MBAM client still gets deployed???
Benefits
- Configuration baselines??? - I can already see which computers are protected and which ones aren't via the HINV BitLocker classes.
- Integrated reporting??? - I suppose having the MBAM reports on the same SSRS is helpful...
- What else is there?
Saturday, February 22, 2014 5:43 AM
All replies
The integration automatically creates the following:
Device Collection
Reports
Gerry Hampson | Blog: www.gerryhampsoncm.blogspot.ie | LinkedIn: Gerry Hampson | Twitter: @gerryhampson
- Proposed as answer by Tharaka Prabha Giduthuri Monday, February 24, 2014 3:50 PM
- Marked as answer by Juke Chou Sunday, March 9, 2014 6:34 PM
Monday, February 24, 2014 3:45 PM
Configuration Baseline
Configuration Items.
It makes it easier for most of us to manage MBAM in the estate.
Gerry Hampson | Blog: www.gerryhampsoncm.blogspot.ie | LinkedIn: Gerry Hampson | Twitter: @gerryhampson
- Edited by Gerry Hampson MVP Monday, February 24, 2014 3:48 PM
Monday, February 24, 2014 3:47 PM
On another note, I don't believe that managing BitLocker without MBAM is an enterprise solution.
Consider this scenario (no MBAM): A user forgets their PIN and calls the helpdesk. The helpdesk provides the recovery key which the user writes down and saves in their laptop case with their laptop. This is not secure.
Consider this scenario (MBAM): A user forgets their PIN and calls the helpdesk. The helpdesk provides the recovery key which the user writes down and saves in their laptop case with their laptop. The MBAM client on the laptop reports to the MBAM server that the recovery key has been used and will not allow it to be used again. This is secure.
Gerry Hampson | Blog: www.gerryhampsoncm.blogspot.ie | LinkedIn: Gerry Hampson | Twitter: @gerryhampson
Monday, February 24, 2014 3:52 PM
MBAM 2.0 backend and the end result is pretty impressive, you can do backup old, refresh installations and new computer scenarios of Windows 8 (or Windows 7) which are bitlockered amongst other things, the drives can be unlocked in WinPE via an automated call to the MBAM 2.0 SQL database.
Refer to this link
http://www.windows-noob.com/forums/index.php?/topic/7294-the-cm12-bitlocker-frontend-hta
Video Pls
http://www.windows-noob.com/forums/index.php?/topic/7636-the-cm12-bitlocker-frontend-hta-video/
Thanks, Prabha G
Monday, February 24, 2014 3:53 PM
With all of that being said, it's definitely great to have a single management pane, but I have decided to go standalone because of the data retention period.
You can't keep just BitLocker data when you do SCCM integration, thus you are keeping more SCCM gathered data together with compliance history etc.
http://myitforum.com/myitforumwp/2013/04/11/dudewheres-my-compliance-data/
On top of that, you need to have a healthy SCCM client and a healthy MBAM client in order for all of this to work.
With MBAM standalone you only worry about the MBAM client and group policies. SCCM is out of the equation during troubleshooting scenarios.
Monday, February 24, 2014 5:14 PM
I too once asked this same exact question and read the same article skywalker123 previously posted. But I am greedy and wanted both. So that is what I did and it has been working without issue. For convenience of pulling compliance in SCCM I run the compliance reports from the console. If something should go wrong with the compliance data in SCCM, I can pull compliance from the MBAM Compliance DB. Best of both worlds. With the integration the SCCM client pulls the data, and having the standalone as well will use the data pulled from the MBAM client. Either way the MBAM client has to be installed to enforce policy and report to the recovery database whether you do integrated or standalone. As far as the differences in the integration reporting, there are not many besides that SCCM reports let you drill down for more relevant data by clicking on the charts in the reports, and of course the convenience of doing it from the SCCM console. I will re-post the same link as skywalker123 previously did, as that is what led me to my solution of utilizing both.
http://myitforum.com/myitforumwp/2013/04/11/dudewheres-my-compliance-data/
Friday, February 28, 2014 6:15 AM