![]() ![]() Refer to the PowerShell examples to see how to store recovery keys in Azure Active Directory (Azure AD).” In this ARTICLE Microsoft writes “ Thus, over the next few years, a good strategy for enterprises will be to plan and move to cloud-based management for BitLocker. It may be they recognized MBAM deficiencies, but my guess is that they just want to move customers to their Azure cloud, and it is not really about improving compliance and security. I am not privy to Microsoft’s thinking as to why they are ending support. Now there is another reason to not choose MBAM – Microsoft is ending mainstream support for MBAM as of July 2019. Expensive and cumbersome to set up and operate it.Being limited to supporting Microsoft platforms (no Apple FV2 support, etc.).Microsoft BitLocker Administration & Monitoring ( MBAM) is one possible choice for the key management layer but if suffers from many deficiencies including: A capable key management layer must be paired with BitLocker to have a full solution. ![]() Not good enough operationally, nor good enough from a security or compliance perspective. However, as I have written before BitLocker alone is not good enough. In my opinion, BitLocker is a good choice for the encryption layer on Windows primarily because encryption is a low level function best done by the OS for compatibility (or even better done in the hardware of the drive for transparency and performance well below the OS). By separating key management, which includes authentication, from the actual encryption layer, one is able to use a single key manager for many platforms while allowing the best individual encryption solutions to be selected and used for each use case where storage encryption is needed. WinMagic’s CEO, THI NGUYEN-HUU, has blogged in the past about the ideal architecture for Full Drive Encryption, and Key Management ( Separating Encryption and Key Management). (Microsoft announces end of mainstream support for MBAM as of July 2019) ![]()
0 Comments
Leave a Reply. |