To be honest, I hadn’t heard of this MBAM toolset until this morning; it’s tucked away in MDOP (Microsoft Desktop Optimization Pack). In Microsoft’s words:
“Microsoft BitLocker Administration and Monitoring (MBAM) provides a simplified administrative interface to BitLocker drive encryption (a feature included in Windows 7 Enterprise/Ultimate). MBAM lets you select BitLocker encryption policy options appropriate to your enterprise so that you can monitor client compliance with those policies and report on the encryption status of the enterprise in addition to individual computers. Also, you can access recovery key information when a user forgets their PIN or password, or when their BIOS or boot record changes”.
It includes:
- Administration & monitoring server: here you have the admin console and a portal, apparently with self-service support for recovery.
- Compliance and audit database: stores compliance data for managed clients.
- Recovery & hardware database: stores recovery data for managed clients.
- Compliance & audit reports: Use SQL Reporting Services to generate reports from the databases.
- Group policy template: Configure managed clients using AD GPO.
- Microsoft BitLocker Administration and Monitoring client agent: Used to manage and configure machines for BitLocker, and return data to the above administration components.
Documentation for MBAM can be downloaded from here.