Month: January 2015

Azure AD Connect Public Preview

Azure AD Connect is an “updated” Azure AD Sync utility, which is used to synchronize user accounts from Active Directory to Microsoft Intune. Now all efforts will be directed at stabilizing Azure AD Connect, which is now in the Preview mode and available for testing in a lab environment. Dirsync and Azure Active Directory Sync will no longer be updated.

You can download Azure AD Connect Preview here. Details about the software are in the Active Directory Team Blog.

The biggest plus for me seems possible to install AD FS for Single Sign-On, or configure an existing farm during Azure AD Connect installation:

azure ad connect installation_11

a third time

Microsoft MVP Banner

Dear Ievgen Liashov,

Congratulations! We are pleased to present you with the 2015 Microsoft® MVP Award! This award is given to exceptional technical community leaders who actively share their high quality, real world expertise with others. We appreciate your outstanding contributions in Enterprise Client Management technical communities during the past year.

The following classes for which you are trying to import settings do not exist

If you import a custom inventory classes and see the message «The following classes for which you are trying to import settings do not exist. Import the required class definitions and then try to import the settings again.»

1

then make sure you add the classes in the Default Client Settings.

Microsoft BitLocker Administration and Monitoring 2.5 installation and Configuration Manager 2012 R2 integration

First, a bit of official documentation is here:

MBAM 2.5 has the following features:

  • Enables administrators to automate the process of encrypting volumes on client computers across the enterprise.
  • Enables security officers to quickly determine the compliance state of individual computers or even of the enterprise itself.
  • Provides centralized reporting and hardware management with Microsoft System Center Configuration Manager.
  • Reduces the workload on the Help Desk to assist end users with BitLocker PIN and recovery key requests.
  • Enables end users to recover encrypted devices independently by using the Self-Service Portal.
  • Enables security officers to easily audit access to recover key information.
  • Empowers Windows Enterprise users to continue working anywhere with the assurance that their corporate data is protected.

MBAM enforces the BitLocker encryption policy options that you set for your enterprise, monitors the compliance of client computers with those policies, and reports on the encryption status of the enterprise’s and individual’s computers. In addition, MBAM lets you access the recovery key information when users forget their PIN or password, or when their BIOS or boot records change.

The following groups might be interested in using MBAM to manage BitLocker:

  • Administrators, IT security professionals, and compliance officers who are responsible for ensuring that confidential data is not disclosed without authorization
  • Administrators who are responsible for computer security in remote or branch offices
  • Administrators who are responsible for client computers that are running Windows

Architecture of MBAM service:

113

In this article I will describe the installation of MBAM 2.5 and integration with Configuration Manager 2012 R2.

This installation will involve three virtual servers: the domain controller, the ConfigMgr site server and SQL server, which will store the MBAM databases.

My SQL server already has default MSSQLSERVER instance with:

  • Database engine
  • Reporting services (native)
  • Management tools complete

and several instances for the family of products System Center. I need to add the Analysis services:

1
2

Continue reading “Microsoft BitLocker Administration and Monitoring 2.5 installation and Configuration Manager 2012 R2 integration”