Friday, 5 September 2014

Upgrade to MBAM 2.5

MBAM 2.5 was released with MDOP 2014 on 13th May 2014. This was an eagerly awaited release as it added functionality which transformed MBAM into a truly enterprise-grade encryption product. In particular, it now allows administrators to force users to encrypt their drives (I previously blogged about this here).

This blog post describes an upgrade from MBAM 2.0 SP1 to MBAM 2.5 but can be a reference for upgrades from other versions.

Have a look at the official documentation before you start.

Getting started with MBAM 2.5

Deploying MBAM 2.5

Deploying Server Infrastructure

Configuring MBAM 2.5 Server features

Validating MBAM 2.5

Upgrading to MBAM 2.5 from Previous versions

This last TechNet Library document tells us the steps required to upgrade to MBAM 2.5 from each of the earlier versions.

OK. Let's crack on. I carried out the following steps to upgrade my stand-alone MBAM environment to V2.5.

Step 1.
Identify the previous version.

MBAM Agent 2.0 --> 2.0.5301.1

MBAM Agent 2.0 SP1 --> 2.1.0117.0

I see that my current version is MBAM 2.0 SP1 by looking in Programs & Features.

Step 2.
Back up the databases.

My attitude towards backups is - "I'd prefer to be looking at it than looking for it".

Please back up the databases before you start.

Step 3.
Uninstall previous MBAM version (don't worry - the databases will remain intact).

Step 4.
Update the MOF files

Even if you have already done this for a previous version, you must do this step again. The MOF files for v2.5 are very slightly different (you have to look closely to see this).


Edit the SMS_DEF.MOF File

See confirmation of the difference when you import the new SMS_DEF.MOF file.

Step 5.
Install MBAM 2.5

Step 6.
Configure MBAM 2.5

You have some choices to make (similar to previous versions).

Installation and configuration completed. See how it tells us that the databases already exist.

Note that I had a problem with prerequisites - required for v2.5 but not my previous version.

Step 7.
Update Group Policy

Have a look at "Deploying MBAM 2.5 Group Policy Objects"

Download MBAM 2.5 Group Policy templates from here

Extract the admx and adml files and copy them to Sysvol on a Domain Controller.

Add the Group Policy Management feature (if you haven't already done so).

New MBAM 2.5 template

You can now force a user to encrypt

Step 8.
Upgrade clients

You can upgrade clients by creating and deploying a ConfigMgr application.

Step 9.

Test, test, test before rolling out to production.
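
The version check from Step 1, and the same check on clients after the upgrade, can be scripted instead of read from Programs & Features. The PowerShell below is an added example, not part of the original post or of Microsoft's tooling; the display-name patterns are assumptions, and the build-to-release map contains only the two builds listed in Step 1.

```powershell
# Added example: report the installed MBAM build from the uninstall registry keys.
# The two builds below are the ones listed in Step 1 of this post.
$KnownBuilds = @{
    '2.0.5301.1' = 'MBAM 2.0'
    '2.1.0117.0' = 'MBAM 2.0 SP1'
}

# Assumption: the product's display name contains one of these strings.
# Adjust to match what Programs & Features shows on your machines.
$NamePatterns = '*MBAM*', '*BitLocker Administration and Monitoring*'

function Get-MbamInstall {
    # Check both the native and the 32-bit (WOW6432Node) uninstall hives.
    $roots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'

    Get-ItemProperty -Path $roots -ErrorAction SilentlyContinue |
        Where-Object {
            $name = $_.DisplayName
            # Keep entries whose display name matches any pattern.
            $name -and ($NamePatterns | Where-Object { $name -like $_ })
        } |
        ForEach-Object {
            # Cast to string so a missing DisplayVersion does not throw on lookup.
            $release = $KnownBuilds[[string]$_.DisplayVersion]
            if (-not $release) { $release = 'Not one of the builds listed in Step 1' }
            [pscustomobject]@{
                Computer       = $env:COMPUTERNAME
                DisplayName    = $_.DisplayName
                DisplayVersion = $_.DisplayVersion
                Release        = $release
            }
        }
}

$found = @(Get-MbamInstall)
if ($found.Count -eq 0) {
    Write-Output "No MBAM entry found on $env:COMPUTERNAME"
} else {
    $found | Sort-Object DisplayName | Format-Table -AutoSize
}
```

Run it before Step 3 to record the starting build, and again on test clients after the upgrade to confirm the old build is gone.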


  1. Hi Gerry, is there a process when moving from a standalone to SCCM?

    1. The ConfigMgr integration with MBAM is no longer supported since Current Branch 1610.