MBAM & TruGrid


MBAM (Microsoft BitLocker Administration and Monitoring) & TruGrid

The Microsoft product called MBAM (Microsoft BitLocker Administration and Monitoring) can be used to manage BitLocker within the enterprise. Below are suggestions for the implementation of MBAM and how it compares to an implementation with TruGrid.

  • MBAM requires licensed versions of MS SQL Server Standard or above (see database server requirements here). TruGrid does not require any additional infrastructure be implemented or supported by the company.

  • MBAM requires machines be joined to AD (Active Directory); MBAM does not support non-AD joined machines. TruGrid supports both AD and non-AD joined machines.

  • MBAM requires enterprise-level planning, preparation and deployment of new infrastructure and configurations. MBAM Getting Started is over 80 pages thick. MBAM requires weeks for implementation. MBAM implementation and infrastructure cost can range between $25K to $75K, depending on the level of redundancy required and machines to be supported. TruGrid can be deployed immediately to machines without any additional infrastructure. MSI packages are automatically generated and can be directly or mass installed onto machines (via your favorite existing deployment technology).

  • MBAM requires that machines connect to AD to be enforced with MBAM related Group Policies. For remote machines, this often occurs via VPN connections, however, some remote machines might not check in for days or weeks at a time and therefore not get enforced with new Group Policy updates and will not reflect accurately on compliance reports. TruGrid does not require machines to check into AD to be enforced. TruGrid also does not require machines to check into AD in order to accurately report on them within compliance reports.

  • MBAM requires having sufficient technical support staff with the skills necessary to support the following infrastructure: AD, SCCM, Group Policies, Microsoft SQL, IIS Web Server, MBAM. Additionally, they should be able to manage the lifecycle of all these products, including upgrades, patching, and migration. IT labor cost to manage MBAM, assuming shared IT service labor, can range between $50K and $80K per year.

  • To enable geo-redundancy and failover, MBAM would require SQL Clusters and load-balanced IIS servers. TruGrid provides all of this with scalable cloud services and no additional infrastructure on-premise.

  • MBAM does not support multiple tenants due to its Active Directory dependency. TruGrid natively supports multi-tenancy. This is important for Service Providers managing many customer environments.

  • MBAM requires an MBAM specific client be installed onto each machine that is to be managed via MBAM. TruGrid also requires a client and the MSI file takes under 30 seconds to install and has auto update technology built into it.


Take a look at this quick 3-minute video showing how easily new endpoints can be enrolled into the TruGrid Device Management (IoT) for BitLocker Management.

Or sign up for a free 15-day trial to try out TruGrid Device Management.