MBAM & TruGrid


MBAM (Microsoft BitLocker Administration and Monitoring) & TruGrid

The Microsoft product called MBAM (Microsoft BitLocker Administration and Monitoring) can be used to manage BitLocker within the enterprise. Below are suggestions for the implementation of MBAM and how it compares to an implementation with TruGrid.

  • MBAM requires licensed versions of MS SQL Server Standard or above (see database server requirements here). TruGrid does not require any additional infrastructure be implemented or supported by the company.

  • MBAM requires machines be joined to AD (Active Directory); MBAM does not support non-AD joined machines. TruGrid supports both AD and non-AD joined machines.

  • MBAM requires enterprise-level planning, preparation and deployment of new infrastructure and configurations. We recommend allocating several days to weeks for the implementation of MBAM. Please refer to the Getting Started guide here and note the implementation guide alone is over 80 pages. We estimate the infrastructure cost to implement MBAM to be at least $25K to $75K depending on the level of redundancy required and machines to be supported. TruGrid can be deployed immediately to machines without any additional infrastructure. MSI packages are automatically generated and can be directly or mass installed onto machines (via your favorite existing deployment technology).

  • MBAM requires that machines connect to AD to be enforced with MBAM related Group Policies. For remote machines, this often occurs via VPN connections, however, some remote machines might not check in for days or weeks at a time and therefore not get enforced with new Group Policy updates and will not reflect accurately on compliance reports. TruGrid does not require machines to check into AD to be enforced. TruGrid also does not require machines to check into AD in order to accurately report on them within compliance reports.

  • MBAM requires having sufficient technical support staff with the skills necessary to support the following infrastructure: AD, SCCM, Group Policies, Microsoft SQL, IIS Web Server, MBAM. Additionally they should be able to manage the lifecycle of all these products, including upgrades, patching, and migration. We estimate the IT labor cost to manage this infrastructure, assuming shared IT service labor, to at minimum be $50K-$80K per year.

  • To enable geo-redundancy and failover, MBAM would require SQL Clusters and load-balanced IIS servers. TruGrid provides all of this for you in the cloud and no additional infrastructure is required from your side.

  • If you would like to have a multi-tenant environment, you would need to implement separate instances for each client environment. MBAM does not support multiple tenants. TruGrid natively supports this. This is important for Service Providers managing many customer environments.

  • MBAM requires an MBAM specific client be installed onto each machine that is to be managed via MBAM. TruGrid also requires a client and the MSI file takes under 30 seconds to install and has auto update technology built into it.


Take a look at this quick 3-minute video showing how easily new endpoints can be enrolled into the TruGrid Device Management (IoT) for BitLocker Management.

Or sign up for a free 15-day trial to try out TruGrid Device Management.