For those of you who are unaware of what MBAM is, the official name is Microsoft BitLocker Administration and Monitoring. MBAM is a solution that provides an admin interface for BitLocker drive encryption.

- Check compliance of devices in the estate.
- Deploy a self-service and helpdesk portal to allow BitLocker key recovery.

Why am I a big fan of MBAM? Well, it provides a more secure and feature driven solution to BitLocker management than the other solutions provided by Microsoft, specifically Active Directory (AD) key storage and Azure Active Directory (AAD) storage.

MBAM separates the computer object from the recovery key. This way, if the device is removed from AD or AAD, then my recovery key is gone along with the object.

MBAM also provides something called key rotation. If a recovery key is used, then a new key is generated for the device. It’s a single use key which reduces the attack vector, ensuring that the recovery key retrieved by a user, in the self-service portal, and scribbled down on a post-it note stuck to the screen, quickly becomes obsolete.
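To make the single-use idea concrete, the sketch below rotates a volume's recovery password by hand using the built-in BitLocker PowerShell cmdlets. It is an added example, not MBAM's own code (the MBAM client does this automatically after a recovery); the function name `Invoke-RecoveryPasswordRotation` and the `-EscrowToAD` switch are hypothetical, and the escrow step assumes a domain-joined device where policy allows AD DS backup.

```powershell
#Requires -RunAsAdministrator
# Added illustration: manual recovery-password rotation on one volume.
# Function name and -EscrowToAD are hypothetical; the BitLocker cmdlets are built in.
function Invoke-RecoveryPasswordRotation {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$MountPoint = 'C:',
        [switch]$EscrowToAD
    )

    $isRecovery = { $_.KeyProtectorType -eq 'RecoveryPassword' }

    # Recovery passwords present before rotation: these are the keys to retire.
    $old = @((Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        Where-Object $isRecovery)

    if (-not $PSCmdlet.ShouldProcess($MountPoint, 'Rotate BitLocker recovery password')) { return }

    # 1. Create the replacement first so the volume always has a recovery path.
    Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector `
        -ErrorAction Stop -WarningAction SilentlyContinue | Out-Null

    # Identify the new protector by comparing IDs against the earlier snapshot.
    $new = @((Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        Where-Object $isRecovery |
        Where-Object { $_.KeyProtectorId -notin $old.KeyProtectorId })
    if ($new.Count -ne 1) { throw "Expected one new recovery protector, found $($new.Count)." }

    # 2. Escrow the new key before touching the old ones. If this throws,
    #    both old and new protectors remain and nothing is lost.
    if ($EscrowToAD) {
        Backup-BitLockerKeyProtector -MountPoint $MountPoint `
            -KeyProtectorId $new[0].KeyProtectorId -ErrorAction Stop | Out-Null
    }

    # 3. Retire the old passwords; a copy written on a post-it no longer unlocks the drive.
    foreach ($p in $old) {
        Remove-BitLockerKeyProtector -MountPoint $MountPoint `
            -KeyProtectorId $p.KeyProtectorId -ErrorAction Stop | Out-Null
    }

    # Return protector IDs only, never the 48-digit password itself.
    [pscustomobject]@{
        MountPoint          = $MountPoint
        NewProtectorId      = $new[0].KeyProtectorId
        RetiredProtectorIds = @($old.KeyProtectorId)
    }
}
```

Running it with `-WhatIf` shows the intended action without changing any protector.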