Configurations Profiles

Last modified by Jannis Klein on 2024/08/13 08:28

Configuration Profiles allow you to set BitLocker settings on the client, such as whether to encrypt operating system disks and which key protectors to enable for fixed data drives.

Two sample default configuration profiles (Clients and Servers) are provided and can be applied in a variety of ways.

64_BitLocker Management_Konfigurationsprofile.png

Übersicht der Konfigurationsprofile im BitLocker Management

In general, configuration profiles can be organised and managed using directories. Each action (adding, editing, deleting and duplicating configuration profiles) requires the appropriate permissions, which can be assigned using the User Management.

The configuration profiles are divided into three parts and are defined by Microsoft under the following headings: Operating System Drives, Fixed Data Drives and Removable Data Drives.

Working with Configuration Profiles

Assigning Configuration Profiles to Clients

Sie können über zwei Wege Ihren Clients ein Konfigurationsprofil zuweisen:

There are two ways of assigning Configuration Profiles to your Clients:

1.By explicit assignment
This assignement is done via a query. To do this, select a required Client, navigate to BitLocker Management in the Query action bar, and click Assign Configuration Profile. This will open a dialogue box where you can select the required configuration profile. Within the default configuration, you can overwrite the configuration assignment with a container. If this is not desired you can uncheck this option. Continue the association by clicking on Execute. You can view the status of the mapping in the Job Monitor.

2. Via an automatic container association
In the Container plug-in, select a container or create a new one, and then switch to the BitLocker Management tab. Then click either Assign in the ribbon bar or Click in the workspace to assign a configuration profile. Any Client assigned to a Container with a Configuration Profile assignment will automatically receive the Configuration Profile.

Hinweis  Note:  

Note that only one Configuration Profile can be assigned to each Client! If a Client is assigned to more than one Container, the Client will receive the Configuration Profile from the Container with the highest priority. If you are also using Multi-Tenancy, the Global Containers are assigned above the Client Containers.

If you want to remove the assignment or make changes to the Configuration Profile, you can also do this from the ribbon bar.

Hinweis  Note:  

If a Managed Client is skipped when manually assigning the profile, the minimum requirement will not be met. Please note the requirements for BitLocker management on the clients.

Container behaviour

You can see which containers have been assigned a configuration profile by looking at the BitLocker icon. To do this, navigate to the Container plug-in (Client Management > Containers), where all existing containers are listed. A BitLocker icon will appear in the Properties column if a configuration profile has been assigned to that container.

The BitLocker icon appears in two colours:

  1. As a blue icon: The container is directly associated with a configuration profile.
  2. As a grey icon: The container has an inherited association. This means that all child containers inherit the configuration profile of the parent container.

You can undo the inheritance at any time by clicking on Cancel in the ribbon bar. If you want to undo the action, click Restore.

© Aagon GmbH 2024
Besuchen Sie unsere neue Aagon-Community