Planning for MBAM 2.0 Administrator Roles

This topic lists and describes the available administrator roles that are available in Microsoft BitLocker Administration and Monitoring (MBAM) as well as the server locations where the local groups are created.

MBAM Administrator Roles

MBAM System Administrators
Administrators in this role have access to all Microsoft BitLocker Administration and Monitoring features. The local group for this role is installed on the Administration and Monitoring Server.

MBAM Helpdesk Users
Administrators in this role have access to the Help Desk features from MBAM. The local group for this role is installed on the Administration and Monitoring Server.

MBAM Report Users
Administrators in this role have access to the Compliance and Audit Reports from MBAM. The local group for this role is installed on the Administration and Monitoring Server, Compliance and Audit Database, and on the server that hosts the Compliance and Audit Reports.

MBAM Advanced Helpdesk Users
Administrators in this role have increased access to the Help Desk features from MBAM. The local group for this role is installed on the Administration and Monitoring Server. If a user is a member of both MBAM Helpdesk Users and MBAM Advanced Helpdesk Users, the MBAM Advanced Helpdesk Users permissions will override the MBAM Helpdesk User permissions.

Important   To view reports, an administrative user must be a member of the MBAM Report Users security group on the Administration and Monitoring Server, Compliance and Audit Database, and on the server that hosts the Compliance and Audit Reports feature. As a best practice, create a security group in Active Directory Domain Services with rights on the local MBAM Report Users security group on both the Administration and Monitoring Server and the server that hosts the Compliance and Audit Reports.

Preparing your Environment for MBAM 2.0