You should consider a number of different deployment configurations and prerequisites before you create your deployment plan for Microsoft BitLocker Administration and Monitoring (MBAM). This section includes information that can help you gather the necessary information to formulate a deployment plan that best meets your business requirements. If you are installing MBAM with the Configuration Manager topology, see Planning to Deploy MBAM with Configuration Manager for additional planning information.
Review the MBAM 2.0 Supported Configurations
After preparing your computing environment for the MBAM Server and Client feature installation, make sure that you review the Supported Configurations to confirm that the computers on which you are installing MBAM meet the minimum hardware and operating system requirements. For more information about MBAM deployment prerequisites, see MBAM 2.0 Deployment Prerequisites.
Plan for MBAM 2.0 Server and Client Deployment
The MBAM Server infrastructure depends on a set of server features that can be installed on one or more server computers, based on the requirements of the enterprise. These features can be installed in a distributed configuration across multiple servers.
An MBAM installation on a single server is recommended only for lab environments.
The MBAM Client enables administrators to enforce and monitor BitLocker drive encryption on computers in the enterprise. The BitLocker client can be integrated into an organization by deploying the client through an enterprise software delivery system or by installing the client agent on client computers as part of the initial imaging process.
With MBAM, you can encrypt a computer in your organization either before the end user receives the computer, or afterwards by using Group Policy.