Planning for MBAM 2.0 Administrator Roles
This topic lists and describes the available administrator roles that are available in Microsoft BitLocker Administration and Monitoring (MBAM) as well as the server locations where the local groups are created.
MBAM Administrator Roles
MBAM System Administrators Administrators in this role have access to all Microsoft BitLocker Administration and Monitoring features. The local group for this role is installed on the Administration and Monitoring Server.
MBAM Helpdesk Users Administrators in this role have access to the Help Desk features from MBAM. The local group for this role is installed on the Administration and Monitoring Server.
MBAM Report Users Administrators in this role have access to the Compliance and Audit Reports from MBAM. The local group for this role is installed on the Administration and Monitoring Server, Compliance and Audit Database, and on the server that hosts the Compliance and Audit Reports.
MBAM Advanced Helpdesk Users Administrators in this role have increased access to the Help Desk features from MBAM. The local group for this role is installed on the Administration and Monitoring Server. If a user is a member of both MBAM Helpdesk Users and MBAM Advanced Helpdesk Users, the MBAM Advanced Helpdesk Users permissions will override the MBAM Helpdesk User permissions.
Important To view reports, an administrative user must be a member of the MBAM Report Users security group on the Administration and Monitoring Server, Compliance and Audit Database, and on the server that hosts the Compliance and Audit Reports feature. As a best practice, create a security group in Active Directory Domain Services with rights on the local MBAM Report Users security group on both the Administration and Monitoring Server and the server that hosts the Compliance and Audit Reports.