At Ignite 2019 Microsoft announced BitLocker key rotation for Intune managed Windows 10 devices. It is a long awaited feature and closes the feature gaps in the cloud managed BitLocker solution. In this article we have...
So far in this series, we have covered how to implement enhanced password complexity on-premise and in-cloud with Azure AD Password Protection, limit the use of the local administrator account with LAPS, and now onto...
Announced back at Ignite in September was something that along with ADMX settings was high on the list of the wish list for Intune administrators, this of course was Security Baselines. For those reading this who do not...
In this, the final part of this four-part series, we will look at how to validate MBAM is escrowing keys, they are retrievable through different methods. Part 1: Installation of MBAM components Part 2: Validating IIS...
In parts 1 & 2 of this series of posts on installing and configuring Microsoft Bitlocker Administration and Monitoring (MBAM) we ran through the installation, validation and customisation options available. In this...
Having installed the MBAM components in the first part of this series of posts it is now time to validate that the IIS components are in place and also to be aware of what each of them do. Part 1: Installation of MBAM...
Over the past number of months I have had several engagements as a consultant to implement Microsoft BitLocker Administration and Monitoring (MBAM). Many of you might pose the question of why? is MBAM not a legacy...
This is a post about enabling BitLocker on non-HSTI devices with Windows 10 version 1809 and standard user permissions. First of all a little background on HSTI. HSTI is a Hardware Security Testability...
In the on-premises world, many organizations use the RestrictedGroup Group Policy setting to place their own workstation admin groups on domain joined machines, and of course to remove other rogue local...