A couple of months ago I was involved in a divestiture project where we used MBAM from the MDOP suite to manage the Bitlocker disk encryption deployment across the company laptops.
It’s a great product that has gotten less attention than it deserves due to it being bundled and buried deep inside the MDOP suite but there are two thorns that stick out like rusty nails in it.
- Cumbersome initial installation requiring a lot of manual steps
- Limited options for filtering out specific types of machines (i.e. portables vs. non-portables when you’re only interested in the portables)
#1 – Redmond, please!! Do better, don’t be evil 🙂
#2 Fortunately, one of my colleagues is a Reporting Services wizard and we were able to modify the compliance reports to include some more useful fields for filtering than the defaults – as seen below where we added a Computer Type field and filter out everything but laptops (Portable/Non-Portable, Non-TPM).
With these additional hacks the MBAM product works wonders and would be worth a separate purchase but consider that with the MDOP package you get AGPMC, DART and Med-V and you have a killer deal. Did I mention that it also has a Self-Service portal for Helpdesk and Users?
The one remaining concern is that MBAM doesn’t have any automatic pruning of stale records. That concern is however addressed by the add-on MBAM Data Compliance Cleanup Tool. The latest update to the tool makes it compatible with MBAM 2.5.
#2 Fortunately, one of my colleagues is a Reporting Services wizard and we were able to modify the compliance reports to include some more useful fields for filtering than the defaults – as seen below where we added a Computer Type field and filter out everything but laptops (Portable/Non-Portable, Non-TPM).
This is something I really need! Unfortunately I am not a Reporting Services wizard. Could you please pass along some more info on this? Examples? Samples? Just being able to filter portable vs non-portable would be huge.
Thanks
You should be able to edit the default Enterprise Compliance Report from Microsoft if you use the Report Designer from Microsoft – it was fairly straight-forward to add a field to the existing report and save it (We chose to save it as a new report, named Enterprise Compliance Report V2 as per the screenshot).
https://msdn.microsoft.com/en-us/library/ms156280.aspx
Hi, I am also looking for steps to edit the default Enterprise Compliance Report.
Could you share the steps with screenshots, it would be really helpful.
It’s been a long time, I don’t have any current MBAM setup for screenshots.
The required changes are all on the SQL side, MBAM comes with a pre-defined set of reports that can be copied and edited to fit your needs.