The Microsoft BitLocker Administration and Monitoring (MBAM) Client software enables administrators to enforce and monitor BitLocker Drive Encryption on computers in the enterprise. The BitLocker client can be integrated into an organization by deploying the client through an electronic software distribution system such as Ivanti DSM, and GPO, or by directly encrypting the client computers as part of the initial imaging process. In this article, you will learn how to fix the MBAM Client Deployment is only supported on MBAM 2.5 SP1. Please see Unable to find my BitLocker Recovery Key, how to check if Microsoft BitLocker Administration and Monitoring (MBAM) is installed on Windows, and Windows Screen Resolution: How to fix HyperV Virtual Machine display taking over the entire screen.
Depending on when you deploy the Microsoft BitLocker Administration and Monitoring client. You can enable BitLocker Drive Encryption on a computer in your organization either before the end user receives the computer or afterward. Kindly refer to these related guides: How to unlock a fixed drive protected by BitLocker, how to deploy Microsoft BitLocker Administration and Monitoring Tool, how to correctly disable Microsoft BitLocker Administration and Monitoring encrypted devices, and how to uninstall your current version of MBAM and run setup again.
Reason for the Error
The MBAM Client was initially integrated into MDT alone without including the Servicing update as recommended. For MBAM 2.5 SP1, you must have the release version of MBAM 2.5 SP1 installed. The October 2020 servicing release for Microsoft Desktop Optimization Pack can be downloaded from the following link. Below is an image of the BDD log.
MBAM Client Deployment is only supported on MBAM 2.5 SP1 – Resolution
Kindly bundle the
MBAM client and the October 2020 servicing release for Microsoft Desktop Optimization Pack downloaded from the link above and
re-create a new Application of it.
Please follow all the steps discussed in this guide for a flawless integration or setup. Please see “how to deploy MBAM Client to Computers as Part of a Windows Deployment“.
Note Beginning in MBAM 2.5 SP1, a separate MSI is no longer included with the MBAM product. However, you can extract the MSI from the executable file (.exe) that is included with the product.
Update the Deployment Share
When you are done, do not fail to update the deployment share. Please see The connection was denied because the user is not authorized for remote Login: Enable Remote Desktop Connection on Windows 11 for non-administrators or selected users. How to fix an action cannot be completed because the computer is open in wimserv. Creating an offline local repository in Linux, and how to export and import Windows Start layout.
Now take the image to WDS
Start a new image deployment as shown below.
When these steps are completed. The MBAM agent will work as specified and should be able to apply the BitLocker/MBAM policies to your device. As you can see, the encryption is in progress.
It’s recommended that you install the agent near the end of the OSD task sequence. So that the encryption does not slow your deployment down. Please see MBAM Frequent Report Errors: Understanding Microsoft BitLocker Administration and Monitoring compliance state and error status, and Implemented MBAM: Here is how to hide the Default BitLocker Drive Encryption item in the Windows Control Panel.
Now let’s verify the device compliance status! As you can see the device is a complaint as shown in the image below. This means the Recovery keys were successfully escrowed to the database.
I hope you found this blog post helpful on how to fix the MBAM Client Deployment is only supported on MBAM 2.5 SP1. Please let me know in the comment session if you have any questions.