High-Level Architecture for MBAM

Applies To: Microsoft BitLocker Administration and Monitoring

Microsoft BitLocker Administration and Monitoring (MBAM) is a client/server data encryption solution that includes the components described in the following section.

Architecture Overview

Administration and Monitoring Server: Hosts the Management Console and monitoring web services. The Management Console is used to determine enterprise compliance status and audit activity, manage hardware capability, and access recovery data (for example, BitLocker recovery keys).

Compliance and Audit Database: Stores compliance data for Microsoft BitLocker Administration and Monitoring client computers. This data is used primarily for reports hosted by SQL Server Reporting Services (SSRS).

Recovery and Hardware Database: Stores recovery data and hardware information that is collected from Microsoft BitLocker Administration and Monitoring client computers.

Compliance and Audit Reports: Uses SQL Server Reporting Services (SSRS) to provide Microsoft BitLocker Administration and Monitoring reports. These reports can be accessed from the Management Console or directly from the SSRS server.

Policy Template: The Group Policy template that specifies the Microsoft BitLocker Administration and Monitoring implementation settings for BitLocker drive encryption.

The Microsoft BitLocker Administration and Monitoring client agent performs the following tasks:

  • Uses Group Policy to enforce the BitLocker encryption of client computers in the enterprise

  • Collects the recovery key for each of the three BitLocker drive types: operating system drives, fixed data drives, and removable data (USB) drives

  • Collects recovery information and hardware information about the client computer

  • Collects compliance data for the computer and passes the data to the reporting system

See Also

Concepts

Getting Started With MBAM