Evaluating MBAM 2.0

Before deploying Microsoft BitLocker Administration and Monitoring (MBAM) into a production environment, you should evaluate it in a test environment. The information in this topic can be used to set up Microsoft BitLocker Administration and Monitoring with a Stand-alone topology in a single-server test environment for evaluation purposes only. A single-server topology is not recommended for production environments.

For instructions on deploying MBAM in a test environment, see How to Install and Configure MBAM on a Single Server.

Setting up the Test Environment

Even though you are setting up a non-production instance of MBAM to evaluate in a test environment, you should still verify that you have met the prerequisites and hardware and software requirements. Before you start the installation, see MBAM 2.0 Deployment Prerequisites, MBAM 2.0 Supported Configurations, and Preparing your Environment for MBAM 2.0.

Plan for an MBAM Evaluation Deployment

Task: Review the Getting Started information about MBAM to gain a basic understanding of the product before beginning deployment planning.
References: Getting Started with MBAM 2.0

Task: Plan for MBAM 2.0 Deployment Prerequisites and prepare your computing environment.
References: MBAM 2.0 Deployment Prerequisites

Task: Plan for and configure MBAM Group Policy requirements.
References: Planning for MBAM 2.0 Group Policy Requirements

Task: Plan for and create necessary Active Directory Domain Services security groups, and plan for MBAM local security group membership requirements.
References: Planning for MBAM 2.0 Administrator Roles

Task: Plan for MBAM Server feature deployment.
References: Planning for MBAM 2.0 Server Deployment

Task: Plan for MBAM Client deployment.
References: Planning for MBAM 2.0 Client Deployment

Perform an MBAM Evaluation Deployment

After completing the necessary planning and software prerequisite installations to prepare your computing environment for the MBAM installation, you can begin the MBAM evaluation deployment.

Task: Review the MBAM supported configurations information to make sure that selected client and server computers are supported for MBAM feature installation.
References: MBAM 2.0 Supported Configurations

Task: Run MBAM Setup to deploy MBAM Server features on a single server for evaluation purposes.
References: How to Install and Configure MBAM on a Single Server

Task: Add the Active Directory Domain Services security groups that you created during the planning phase to the appropriate MBAM Server feature local groups on the new MBAM Server.
References: Planning for MBAM 2.0 Administrator Roles and How to Manage MBAM Administrator Roles

Task: Create and deploy required MBAM Group Policy Objects.
References: Deploying MBAM 2.0 Group Policy Objects

Task: Deploy the MBAM Client software.
References: Deploying the MBAM 2.0 Client

Configure Lab Computers for MBAM Evaluation

This section contains information that can be used to speed up the MBAM Client status reporting. However, these modifications should be used for testing purposes only.

Note   The information in the following section describes how to modify the Windows registry. Using Registry Editor incorrectly can cause serious problems that may require you to reinstall Windows. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.

Modify MBAM Client Status Reporting Frequency Settings

The MBAM Client wakeup and status reporting frequencies have a minimum value of 90 minutes when they are set using Group Policy. You can use the Windows registry to change these frequencies to a lower value on MBAM client computers to help speed up testing.

To modify the MBAM Client status reporting frequency settings:

  1. Use a registry editor to navigate to HKLM\Software\Policies\Microsoft\FVE\MDOPBitLockerManagement.

  2. Change the values for ClientWakeupFrequency and StatusReportingFrequency to 1, which is the minimum client-supported value. This change causes the MBAM Client to report every minute.

  3. Restart the BitLocker Management Client Service.

Note   To set values that are this low, you must set them in the registry manually.

Modify MBAM Client Service Startup Delay

In addition to the MBAM Client wakeup and status reporting frequencies, there is a random delay of up to 90 minutes when the MBAM Client agent service starts on client computers. If you do not want the random delay, create a DWORD value of NoStartupDelay under HKLM\Software\Microsoft\MBAM, set its value to 1, and then restart BitLocker Management Client Service.
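The two registry procedures above (status reporting frequency and startup delay) combined into one PowerShell script, with an audit function that shows whether the lab-only overrides are present on a computer. This is an added example, not Microsoft's code: the function names are hypothetical, the DWORD type for the two frequency values is an assumption, and the service is located by the display name given on this page.

```powershell
#Requires -RunAsAdministrator
# Added example: lab-only MBAM Client tuning plus an audit of the same values.
$PolicyKey = 'HKLM:\Software\Policies\Microsoft\FVE\MDOPBitLockerManagement'
$ClientKey = 'HKLM:\Software\Microsoft\MBAM'
$ServiceDisplayName = 'BitLocker Management Client Service'

function Get-MbamLabOverride {
    # Reports each value and flags it when it is lower than Group Policy allows (90)
    # or, for NoStartupDelay, when the random startup delay has been switched off.
    $rows = foreach ($name in 'ClientWakeupFrequency', 'StatusReportingFrequency') {
        $v = (Get-ItemProperty -Path $PolicyKey -Name $name -ErrorAction SilentlyContinue).$name
        [pscustomobject]@{
            Key = $PolicyKey; Name = $name; Value = $v
            LabOverride = ($null -ne $v -and $v -lt 90)
        }
    }
    $d = (Get-ItemProperty -Path $ClientKey -Name NoStartupDelay -ErrorAction SilentlyContinue).NoStartupDelay
    $rows + [pscustomobject]@{
        Key = $ClientKey; Name = 'NoStartupDelay'; Value = $d
        LabOverride = ($d -eq 1)
    }
}

function Set-MbamLabOverride {
    [CmdletBinding(SupportsShouldProcess)]
    param([ValidateRange(1, 90)][int]$Minutes = 1)   # 1 is the minimum the client supports

    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Apply MBAM lab-only reporting overrides')) {
        foreach ($key in $PolicyKey, $ClientKey) {
            if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        }
        # DWORD is assumed for the frequency values; the page states it for NoStartupDelay.
        Set-ItemProperty -Path $PolicyKey -Name ClientWakeupFrequency -Value $Minutes -Type DWord
        Set-ItemProperty -Path $PolicyKey -Name StatusReportingFrequency -Value $Minutes -Type DWord
        Set-ItemProperty -Path $ClientKey -Name NoStartupDelay -Value 1 -Type DWord
        # The new values take effect when the client service restarts.
        Get-Service -DisplayName $ServiceDisplayName | Restart-Service
    }
}
```

Run `Set-MbamLabOverride -WhatIf` to preview the change, and `Get-MbamLabOverride | Where-Object LabOverride` on any computer leaving the lab to confirm none of the testing-only values remain.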
