Possibility of more granural access model to MBAM helpdesk and reporting websites
I see one serious drawback of MBAM security model. It seems that there can be only one group for helpdesk (and another for advanced HD).
What I need is possibility to segregate access based on location or division.
Example 1. IT support in India can only provide BitLocker recovery password for Indian machines. Also IT support in Hong-Kong will not be able to get password for non-HK PC.
Example 2. Executive IT support will be the only team capable to get recovery passwords for VIP machines.
... more granular* access model ...