Azure AD Connect is an “updated” Azure AD Sync utility, which is used to synchronize user accounts from Active Directory to Microsoft Intune. Now all efforts will be directed at stabilizing Azure AD Connect, which is now in the Preview mode and available for testing in a lab environment. Dirsync and Azure Active Directory Sync will no longer be updated.
The biggest plus for me seems possible to install AD FS for Single Sign-On, or configure an existing farm during Azure AD Connect installation:
Dear Ievgen Liashov,
Congratulations! We are pleased to present you with the 2015 Microsoft® MVP Award! This award is given to exceptional technical community leaders who actively share their high quality, real world expertise with others. We appreciate your outstanding contributions in Enterprise Client Management technical communities during the past year.
There is a new video course on management of mobile devices based on operating system Android and iOS – Taming Android and iOS with Enterprise Mobility Suite.
First, a bit of official documentation is here:
MBAM 2.5 has the following features:
- Enables administrators to automate the process of encrypting volumes on client computers across the enterprise.
- Enables security officers to quickly determine the compliance state of individual computers or even of the enterprise itself.
- Provides centralized reporting and hardware management with Microsoft System Center Configuration Manager.
- Reduces the workload on the Help Desk to assist end users with BitLocker PIN and recovery key requests.
- Enables end users to recover encrypted devices independently by using the Self-Service Portal.
- Enables security officers to easily audit access to recover key information.
- Empowers Windows Enterprise users to continue working anywhere with the assurance that their corporate data is protected.
MBAM enforces the BitLocker encryption policy options that you set for your enterprise, monitors the compliance of client computers with those policies, and reports on the encryption status of the enterprise’s and individual’s computers. In addition, MBAM lets you access the recovery key information when users forget their PIN or password, or when their BIOS or boot records change.
The following groups might be interested in using MBAM to manage BitLocker:
- Administrators, IT security professionals, and compliance officers who are responsible for ensuring that confidential data is not disclosed without authorization
- Administrators who are responsible for computer security in remote or branch offices
- Administrators who are responsible for client computers that are running Windows
Architecture of MBAM service:
In this article I will describe the installation of MBAM 2.5 and integration with Configuration Manager 2012 R2.
This installation will involve three virtual servers: the domain controller, the ConfigMgr site server and SQL server, which will store the MBAM databases.
My SQL server already has default MSSQLSERVER instance with:
- Database engine
- Reporting services (native)
- Management tools complete
and several instances for the family of products System Center. I need to add the Analysis services: