MBAM 2.0 Deployment Prerequisites

Before you start Microsoft BitLocker Administration and Monitoring (MBAM) Setup, you should ensure that you have met the prerequisites to install the product. This section contains information to help you successfully plan your computing environment before you deploy Microsoft BitLocker Administration and Monitoring Server features and Clients. If you are installing MBAM with Configuration Manager, see Planning to Deploy MBAM with Configuration Manager for additional prerequisites.

Installation Prerequisites for MBAM Server Features

Each of the MBAM Server features has specific prerequisites that must be met before the MBAM features can be successfully installed. MBAM Setup checks that all prerequisites are met before the installation starts.

Prerequisites for Administration and Monitoring Server

Prerequisite	Details
Windows Server Web Server Role	This role must be added to a server operating system that is supported for the Administration and Monitoring Server feature.
Web Server (IIS) Management Tools	Select IIS Management Scripts and Tools.
SSL Certificate	Optional. To secure communication between the clients and the web services, you have to obtain and install a certificate that a trusted security authority signed.
Web Server Role Services	Common HTTP Features: Static Content Default Document Application Development: ASP.NET .NET Extensibility ISAPI Extensions ISAPI Filters Security: Windows Authentication Request Filtering
Windows Server Features	.NET Framework 3.5.1 features: .NET Framework 3.5.1 WCF Activation HTTP Activation Non-HTTP Activation Windows Process Activation Service: Process Model .NET Environment Configuration APIs

Note For a list of supported operating systems, see MBAM 2.0 Supported Configurations.

Prerequisites for the Compliance and Audit Reports

Prerequisite	Details
Supported version of SQL Server See MBAM 2.0 Supported Configurations for supported versions.	Install SQL Server with: SQL_Latin1_General_CP1_CI_AS collation
SQL Server Reporting Services (SSRS)
SSRS instance rights – required for installing reports only if you are installing databases on a separate server from the reports.	Required instance rights: Create Folders Publish Reports SSRS must be installed and running during the MBAM Server installation. Configure SSRS in “native” mode and not in unconfigured or “SharePoint” mode.

Prerequisites for the Recovery Database

Prerequisite	Details
Supported version of SQL Server See MBAM 2.0 Supported Configurations for supported versions.	Install SQL Server with: SQL_Latin1_General_CP1_CI_AS collation SQL Server Management Tools
Required SQL Server permissions	Required permissions: SQL instance Login Server roles: dbcreator processadmin SQL Server Reporting Services instance rights: Create Folders Publish Reports
Optional - Install Transparent Data Encryption (TDE) feature available in SQL Server	The TDE SQL Server feature performs real-time I/O encryption and decryption of the data and log files, which can help you to comply with many laws, regulations, and guidelines established in various industries. Note TDE performs real-time decryption of database information, which means that, if the account under which you are logged on has permissions to the database while you are viewing the recovery key information in the SQL Server tables, the recovery key information is visible. More about TDE: MBAM 2.0 Security Considerations.

Prerequisites for the Compliance and Audit Database

Prerequisite	Details
Supported version of SQL Server See MBAM 2.0 Supported Configurations for supported versions.	Install SQL Server with: SQL_Latin1_General_CP1_CI_AS collation SQL Server Management Tools
Required SQL Server permissions	Required permissions: SQL instance Login Server roles: dbcreator processadmin SQL Server Reporting Services instance rights: Create Folders Publish Reports
Optional - Install Transparent Data Encryption (TDE) feature in SQL Server.	The TDE SQL Server feature performs real-time I/O encryption and decryption of the data and log files, which can help you to comply with many laws, regulations, and guidelines established in various industries. Note TDE performs real-time decryption of database information, which means that, if the account under which you are logged on has permissions to the database while you are viewing the recovery key information in the SQL Server tables, the recovery key information is visible. More about TDE: MBAM 2.0 Security Considerations
SQL Server must have Database Engine Services installed and running during MBAM Server installation.
The SQL Server Agent service must be running and set to auto-start on the selected instances of SQL Server.

Prerequisites for the Self-Service Portal

Prerequisite	Details
Supported version of Windows Server See MBAM 2.0 Supported Configurations for supported versions.
ASP.NET MVC 2.0	ASP.NET MVC 2 download
Web Service IIS Management Tools

Prerequisites for MBAM Clients

Prerequisite	Details
Windows 7 clients only - must have Trusted Platform Module (TPM) capability.	TPM version must be 1.2 or later.
The TPM chip must be turned on in the BIOS and be resettable from the operating system.	For more information, see the BIOS documentation.
Windows 8 clients only: To have MBAM store and manage the TPM recovery keys: TPM auto-provisioning must be turned off, and MBAM must be set as the owner of the TPM before you deploy MBAM. To turn off TPM auto-provisioning, see Disable-TpmAutoProvisioning. TPM auto-provisioning must be turned off. MBAM must be set as the owner of the TPM before you deploy MBAM.	To turn off TPM auto-provisioning, see Disable-TpmAutoProvisioning. TPM auto-provisioning must be turned off. Note Ensure that the keyboard, video, or mouse are directly connected and not managed through a keyboard, video, or mouse (KVM) switch. A KVM switch can interfere with the ability of the computer to detect the physical presence of hardware.

Related topics

Planning to Deploy MBAM 2.0

MBAM 2.0 Supported Configurations