From 79b20d9ef1adcef24ed8406ee85eba929f003e3f Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Wed, 13 Nov 2019 10:04:43 -0800 Subject: [PATCH 1/4] Update getting-started-with-mbam-10.md --- mdop/mbam-v1/getting-started-with-mbam-10.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/mdop/mbam-v1/getting-started-with-mbam-10.md b/mdop/mbam-v1/getting-started-with-mbam-10.md index f42751d4d1..c0320634cf 100644 --- a/mdop/mbam-v1/getting-started-with-mbam-10.md +++ b/mdop/mbam-v1/getting-started-with-mbam-10.md @@ -13,6 +13,9 @@ ms.prod: w10 ms.date: 08/30/2016 --- +> **IMPORTANT** +> MBAM 1.0 will reach end of support on September 14, 2021. +> See our [lifecycle page](https://support.microsoft.com/en-us/lifecycle/search?alpha=Microsoft%20BitLocker%20Administration%20and%20Monitoring%201.0) for more information. We recommend [migrating to MBAM 2.5](https://docs.microsoft.com/en-us/microsoft-desktop-optimization-pack/mbam-v25/upgrading-to-mbam-25-or-mbam-25-sp1-from-previous-versions) or another supported version of MBAM, or migrating your BitLocker management to [Microsoft Endpoint Manager](https://www.microsoft.com/en-us/microsoft-365/microsoft-endpoint-manager). # Getting Started with MBAM 1.0 From 87dec96a3bc91eb9ac7c0f0c04438c4a3ae014b2 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Wed, 13 Nov 2019 10:21:39 -0800 Subject: [PATCH 2/4] Update getting-started-with-mbam-10.md --- mdop/mbam-v1/getting-started-with-mbam-10.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/mdop/mbam-v1/getting-started-with-mbam-10.md b/mdop/mbam-v1/getting-started-with-mbam-10.md index c0320634cf..b04c0a67f9 100644 --- a/mdop/mbam-v1/getting-started-with-mbam-10.md +++ b/mdop/mbam-v1/getting-started-with-mbam-10.md @@ -13,12 +13,12 @@ ms.prod: w10 ms.date: 08/30/2016 --- +# Getting Started with MBAM 1.0 + > **IMPORTANT** > MBAM 1.0 will reach end of support on September 14, 2021. > See our [lifecycle page](https://support.microsoft.com/en-us/lifecycle/search?alpha=Microsoft%20BitLocker%20Administration%20and%20Monitoring%201.0) for more information. We recommend [migrating to MBAM 2.5](https://docs.microsoft.com/en-us/microsoft-desktop-optimization-pack/mbam-v25/upgrading-to-mbam-25-or-mbam-25-sp1-from-previous-versions) or another supported version of MBAM, or migrating your BitLocker management to [Microsoft Endpoint Manager](https://www.microsoft.com/en-us/microsoft-365/microsoft-endpoint-manager). -# Getting Started with MBAM 1.0 - Microsoft BitLocker Administration and Monitoring (MBAM) requires thorough planning before you deploy it or use its features. Because this product can affect every computer in your organization, you might disrupt your entire network if you do not plan your deployment carefully. However, if you plan your deployment carefully and manage it so that it meets your business needs, MBAM can help reduce your administrative overhead and total cost of ownership. From 9db895c9a6e8e6cb465976673e7f5bdce9117604 Mon Sep 17 00:00:00 2001 From: Tina Burden Date: Thu, 14 Nov 2019 09:29:53 -0800 Subject: [PATCH 3/4] pencil edits lines 19, 20 --- mdop/mbam-v1/getting-started-with-mbam-10.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mdop/mbam-v1/getting-started-with-mbam-10.md b/mdop/mbam-v1/getting-started-with-mbam-10.md index b04c0a67f9..7d1f4c4060 100644 --- a/mdop/mbam-v1/getting-started-with-mbam-10.md +++ b/mdop/mbam-v1/getting-started-with-mbam-10.md @@ -17,7 +17,7 @@ ms.date: 08/30/2016 > **IMPORTANT** > MBAM 1.0 will reach end of support on September 14, 2021. -> See our [lifecycle page](https://support.microsoft.com/en-us/lifecycle/search?alpha=Microsoft%20BitLocker%20Administration%20and%20Monitoring%201.0) for more information. We recommend [migrating to MBAM 2.5](https://docs.microsoft.com/en-us/microsoft-desktop-optimization-pack/mbam-v25/upgrading-to-mbam-25-or-mbam-25-sp1-from-previous-versions) or another supported version of MBAM, or migrating your BitLocker management to [Microsoft Endpoint Manager](https://www.microsoft.com/en-us/microsoft-365/microsoft-endpoint-manager). +> See our [lifecycle page](https://support.microsoft.com/lifecycle/search?alpha=Microsoft%20BitLocker%20Administration%20and%20Monitoring%201.0) for more information. We recommend [migrating to MBAM 2.5](https://docs.microsoft.com/microsoft-desktop-optimization-pack/mbam-v25/upgrading-to-mbam-25-or-mbam-25-sp1-from-previous-versions) or another supported version of MBAM, or migrating your BitLocker management to [Microsoft Endpoint Manager](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager). Microsoft BitLocker Administration and Monitoring (MBAM) requires thorough planning before you deploy it or use its features. Because this product can affect every computer in your organization, you might disrupt your entire network if you do not plan your deployment carefully. However, if you plan your deployment carefully and manage it so that it meets your business needs, MBAM can help reduce your administrative overhead and total cost of ownership. From fd926d4594706233119b05a400bf93f0d73f86e8 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Thu, 14 Nov 2019 10:02:04 -0800 Subject: [PATCH 4/4] minor edits --- windows/deployment/windows-autopilot/dfci-management.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/windows/deployment/windows-autopilot/dfci-management.md b/windows/deployment/windows-autopilot/dfci-management.md index 625a314525..550420a264 100644 --- a/windows/deployment/windows-autopilot/dfci-management.md +++ b/windows/deployment/windows-autopilot/dfci-management.md @@ -23,7 +23,9 @@ ms.topic: article - Windows 10 -With Windows Autopilot Deployment and Intune, you can manage Unified Extensible Firmware Interface (UEFI) settings after they're enrolled by using the Device Firmware Configuration Interface (DFCI). DFCI [enables Windows to pass management commands](https://docs.microsoft.com/windows/client-management/mdm/uefi-csp) from Intune to UEFI to Autopilot Deployed devices. This allows you to limit end users control over BIOS settings, lock down the boot options to prevent users from booting up another OS, or an older version of Windows that doesn't have the same security features. When you reinstall an older Windows version, install a separate OS, or format the hard drive, you can't override DFCI management. This feature can prevent malware from communicating with OS processes, including elevated OS processes. DFCI’s trust chain uses public key cryptography, and doesn't depend on local UEFI password security. This layer of security blocks local users from accessing managed settings from the device’s UEFI menus. +With Windows Autopilot Deployment and Intune, you can manage Unified Extensible Firmware Interface (UEFI) settings after they're enrolled by using the Device Firmware Configuration Interface (DFCI). DFCI [enables Windows to pass management commands](https://docs.microsoft.com/windows/client-management/mdm/uefi-csp) from Intune to UEFI to Autopilot deployed devices. This allows you to limit end user's control over BIOS settings. For example, you can lock down the boot options to prevent users from booting up another OS, such as one that doesn't have the same security features. + +If a user reinstalls a previous Windows version, install a separate OS, or format the hard drive, they can't override DFCI management. This feature can also prevent malware from communicating with OS processes, including elevated OS processes. DFCI’s trust chain uses public key cryptography, and doesn't depend on local UEFI password security. This layer of security blocks local users from accessing managed settings from the device’s UEFI menus. For an overview of DFCI benefits, scenarios, and prerequisites, see [Device Firmware Configuration Interface (DFCI) Introduction](https://microsoft.github.io/mu/dyn/mu_plus/DfciPkg/Docs/Dfci_Feature/).