Administering MBAM 2.0 Features
After completing all necessary planning and then deploying Microsoft BitLocker Administration and Monitoring (MBAM), you can configure and use it to manage BitLocker encryption across the enterprise The information in this section describes post-installation day-to-day Microsoft BitLocker Administration and Monitoring feature operations tasks.
Manage MBAM Administrator Roles
After MBAM Setup is complete for all server features, administrative users have to be granted access to them. As a best practice, administrators who will manage or use MBAM server features should be assigned to Active Directory Domain Services security groups, and then those groups should be added to the appropriate MBAM administrative local group.
Manage BitLocker Encryption Exemptions
MBAM lets you grant encryption exemptions to specific users who do not need or want their drives encrypted. Computer exemption is typically used when a company has computers that do not have to be encrypted, such as computers that are used in development or testing, or older computers that do not support BitLocker. In some cases, local law may also require that certain computers are not encrypted.
Manage MBAM Client BitLocker Encryption Options by Using the Control Panel
MBAM provides a custom control panel, called BitLocker Encryption Options, that will appear under System and Security. The MBAM control panel can be used to unlock encrypted fixed and removable drives, and also manage your PIN or password.
This customized control panel does not replace the default Windows BitLocker control panel.