IT shops that use Microsoft's Desktop Optimization Pack will receive expanded encryption and security management features in a new release of the software due out next month.
Microsoft released the Microsoft Desktop Optimization Pack (MDOP) 2011 R2 at its Worldwide Partner Conference 2011 in Los Angeles this week. Microsoft typically releases MDOP tool updates twice per year, and this is the second update.
MDOP 2011 R2 will offer BitLocker Administration Monitoring, as well as the Diagnostic and Recovery Toolset 7.0 and other updates that add desktop security and management features to the product suite. Microsoft BitLocker Administration and Monitoring (MBAM) helps IT pros who want to centrally manage full-disk encryption and enforce encryption policies, particularly on laptops, said Donald Retallack, an analyst at Directions on Microsoft, an independent firm based in Kirkland, Wash.
"Providing BitLocker as a part of a Windows 7 deployment will speed provisioning without impacting the end user," Retallack said. "The tool also makes it easier for companies to record compliance and, of course, BitLocker itself reduces the risk of information leakage or theft."
Other features in MBAM 1.0 include the ability to retrieve recovery keys via a webpage for helpdesk administrators and a way to protect recovery keys by storing them in an encrypted database. MBAM beta initially became available in March.
Although the new release adds MBAM and updates other components, many IT shops value MDOP for the desktop virtualization technologies it contains -- namely, App-V and MED-V, Retallack said.
Earlier this year, Microsoft updated those virtualization tools with the release of App-V 4.6 SP1 and Med-V 2.0. App-V is for application virtualization and Med-V lets IT run applications that aren't supported or tested on Windows 7 in a virtual Windows XP environment. Med-V version 2.0 also supports running App-V within a MED-V environment.
MDOP 2011 R2 includes
- Asset Inventory Service (AIS) 2.0
- Application Virtualization (App-V) 4.6 SP1
- Advanced Group Policy Management
- Diagnostic and Recovery Toolset (DaRT) 7.0
- Microsoft Enterprise Desktop Virtualization (Med-V) 2.0
- Desktop Error Monitoring (DEM)
- Microsoft BitLocker Administration and Monitoring (MBAM) 1.0
What's new in MDOP 2011 R2
In addition to adding a BitLocker tool, Microsoft updated its existing MDOP software.
The Diagnostic and Recovery Toolset (DaRT), which lets IT pros remotely diagnose and fix problems with end user computers. Without DaRT, admins have to go to end users' desks to do offline machine boots to collect information using a USB stick, diagnose the issue, fix it, then bring the machine back online.
DaRT 7.0 also includes more customization options, so IT pros can create DaRT images that restrict end-user access to tools, while these same tools available to Helpdesk and IT staff. It also includes flexible deployment options, so IT can deploy DaRT via PXE, USB, CD, DVD or to the local recovery partition.
MDOP 2011 R2 will also include Asset Inventory Service (AIS) 2.0 with an updated/localized user interface and improved software reporting and inventory capabilities.
The two MDOP components that didn't get updated this year include Advanced Group Policy Management and the Desktop Error Monitoring (DEM) tool, though they will be supported during the normal product lifecycle.
MDOP is available to Software Assurance customers and as an optional add-on to Windows Intune customers. MDOP is also available to customers with Virtual Desktop Access (VDA) licenses. MDOP subscriptions cost $10 per desktop, per year.
Analysts say MDOP is a good value because the price of using even a few of the tools individually is far more expensive than the cost of MDOP.
Microsoft sweetens MDOP deal with Intune
Dig deeper on Endpoint security management tools