Personally I'm not a fan of the self service portal. I didn't install it. If a user is locked out I can't make them go to another machine to get their own recovery key. Seems silly.
Also you should be aware of the short retention of historical data when using MBAM 2.0 and CM integration. Due to that I opted for a hybrid install. I did a VERY brief blog about that which I intend to expand upon soon. I'd say BL is the easiest to manage however it does not meet all compliance regulations. There's one in particular it cannot meet. I don't recall which one. Sorry. From: [email protected] [mailto:[email protected]] On Behalf Of Jason Sandys Sent: Monday, June 17, 2013 10:18 PM To: [email protected] Subject: RE: [mssms] RE: Disk Encryption MBAM 2.0 has user self-service portal also. Bitlocker is very reliable. Suits shouldn't make technical decisions - case in point. J From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of chris catlett Sent: Monday, June 17, 2013 7:45 PM To: [email protected]<mailto:[email protected]> Subject: [mssms] RE: Disk Encryption Look at MBAM 2.0 (offers sccm 2012 integration). It's a nice management client/console for bitlocker. Lets you dole out access to helpdesk for recovery keys. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Kevin Johnston Sent: Monday, June 17, 2013 10:32 PM To: '[email protected]' Subject: [mssms] RE: Disk Encryption Actually we do have SA. It just took them this long to realize that they need to encrypt data. We currently use WDS/MDT to do our images. I never understood why they went with Win 7 Pro and not enterprise on the machines (done before my time). Mistakes made by the past affect the future right :) But if going to Ent is a possible solution (only currently encrypting laptops) then they may still decide to do that. I figured bitlocker would be a suggestion, I just don't know how reliable and manageable it is. Also it is possible we will be going to Win 8 at some point too (I don't make any decisions, I don't wear a suit) From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Jason Sandys Sent: Monday, June 17, 2013 9:37 PM To: [email protected]<mailto:[email protected]> Subject: [mssms] RE: Disk Encryption Good luck with that. The only full-disk encryption that plays well with OSD and MDT is ... surprise, Bitlocker - which of course your org cannot use because (being blunt here) your org was too cheap to actually buy SA and is now ending up paying even more in the long run because it saved them money in the short run. Sorry, more of rant not direct at you personally, just to short-sighted (worthless) MBAs. J From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Kevin Johnston Sent: Monday, June 17, 2013 4:36 PM To: '[email protected]' Subject: [mssms] Disk Encryption Was wondering if anyone deploys disk encryption along with their deployments? We are looking into this, and just getting a feel for some of the players. Needs to be manageable and I would like to see something that is easy to deploy, maybe something that allows us to encrypt after an image (I guess kinda like bitlocker) but I am not sure how powerful it is. Our machines are solely Windows 7 Pro x64 machines. Anyone have any recommendations or suggestions? Thanks, Kevin Johnston ________________________________ Confidentiality Notice: This e-mail is from a law firm and may be protected by the attorney-client or work product privileges. If you have received this message in error, please notify the sender by replying to this e-mail and then delete it from your computer. ________________________________ Confidentiality Notice: This e-mail is from a law firm and may be protected by the attorney-client or work product privileges. If you have received this message in error, please notify the sender by replying to this e-mail and then delete it from your computer.
