Preparing your Environment for MBAM 2.0
Before beginning Microsoft BitLocker Administration and Monitoring (MBAM) Setup, you should make sure that you have met the prerequisites to install the product. When you know what the prerequisites are ahead of time, you can efficiently deploy the product and enable its features so that it most effectively supports your organization’s business objectives.
If you are deploying Microsoft BitLocker Administration and Monitoring with Microsoft System Center Configuration Manager 2007 or Microsoft System Center 2012 Configuration Manager, see Planning to Deploy MBAM with Configuration Manager.
Review MBAM 2.0 Deployment Prerequisites
The MBAM Client and each of the MBAM Server features have specific prerequisites that must be met before they can be successfully installed.
To ensure successful installation of MBAM Clients and MBAM Server features, ensure that computers specified for MBAM Client or MBAM Server feature installation are properly prepared for MBAM Setup.
Note MBAM Setup checks that all prerequisites are met before installation starts. If all prerequisites are not met, Setup will fail.
MBAM 2.0 Deployment Prerequisites
Plan for MBAM 2.0 Group Policy Requirements
Before MBAM can manage clients in the enterprise, you must define Group Policy for the encryption requirements of your environment.
Important MBAM will not work with policies for stand-alone BitLocker drive encryption. Group Policy settings must be defined for MBAM, or BitLocker encryption and enforcement will fail.
Planning for MBAM 2.0 Group Policy Requirements
Plan for MBAM 2.0 Administrator Roles
MBAM administrator roles are managed by local groups that are created by MBAM Setup when you install the BitLocker Administration and Monitoring Server, the Compliance and Audit Reports feature, and the Compliance and Audit Status Database.
The membership of Microsoft BitLocker Administration and Monitoring roles can best be managed by creating security groups in Active Directory Domain Services, adding the appropriate administrator accounts to those groups, and then adding those security groups to the BitLocker Administration and Monitoring local groups. For more information, see How to Manage MBAM Administrator Roles.