BitLocker behavior when MBAM agent is removed: No Uninstall Option in Control Panel

MBAM (Microsoft BitLocker Administration and Monitoring) is a tool that enables you (organizations) to centrally manage and monitor BitLocker Drive Encryption across Windows devices. In this article, we shall discuss “BitLocker behavior when MBAM agent is removed: Remove MBAM Agent When Uninstall Option is missing”. Please, see Get a list of installed programs locally or remotely in Windows. Also, see how to get MBAM BitLocker Recovery Keys from Microsoft SQL Server.

Note: Admin rights are required when the app was installed system-wide. Please, see How to deploy MBAM for BitLocker Administration.

You may need to understand how BitLocker behaves if the MBAM agent is removed. Particularly if a suitable alternative product is not found before MBAM’s extended support ends in April 2026. Please, see MBAM extended support ends April 2026: Find alternative solution.

Here is how to Set Microsoft Defender AV to Passive mode on a Windows Server, and What you need to know about Microsoft Defender Antivirus. I would recommend reading how to Set Microsoft Defender Antivirus to Passive or Active Mode.

MBAM Agent Behavior on Uninstall

When you uninstall the MDOP MBAM Agent, the drive stays encrypted and BitLocker takes over management directly. Unlike devices still managed by MBAM, Group Policy hides the “Manage BitLocker” option, leaving only the “BitLocker Encryption Option” available for management.

As a result, you can no longer manage the device through the MBAM Helpdesk or Self-Service Portal. However, since the drive remains encrypted and the recovery key is escrowed to Active Directory (if configured via GPO), you must retrieve the key from AD going forward.

Please, see How to install Endpoint Configuration Manager on HyperV VM, and how to install Veeam Backup Console on a Jump Server. Also, see how to fix MSIEXEC returned 1602: Trellix Setup cannot use this account.

Remove MBAM Agent When Uninstall Option is missing

When there is no uninstall option in Control Panel for a program or app as shown below. It is often due to software management restrictions. Some of which are enforced by Microsoft Endpoint Configuration Manager (SCCM), Group Policy, or other enterprise deployment tools. such as Ivanti DSM. These tools can suppress the uninstall option to prevent end users from removing security-critical software.

Also, having the installer or deployment script might include parameters that disable user uninstallation (e.g., ARPNOREMOVE=1 in MSI-based installs). This prevents MBAM from appearing in “Add/Remove Programs” or disables the uninstall button.

Therefore, when the “Uninstall and Change” options for an application are missing in Apps & Features on Windows are likely blocked by 3rd party management tool. You can try to uninstall the app via Command Prompt or PowerShell as discussed below

Please, see how to enable or disable a Remote WMI Connection in Windows. Also, see how to Enable and Disable WMI Traffic through Windows CMD, and Remote WMI Connection: How to enable or disable WMI Traffic Using Firewall UI.

Use wmic for installers (MSI)

You can use WMIC (Windows Management Instrumentation Command-line) to uninstall MSI-based applications by querying their product name or identifying number. This method is useful when the app doesn’t show up in Control Panel or the uninstall option is restricted.

To do this, replace the ‘AppName’ with the name of the application as shown in the image below.

wmic product where "name like 'AppName%%'" call uninstall

Please see Please see this detailed guide on Windows Management Instrumentation: WMI Commands, and how to uninstall installed Windows Update. Here is a guide on Fast Boot Options: Fix specific Drive issue with BitLocker [MBAM].

Use Get-WmiObject or Get-Package in PowerShell

You can use the “Get-WmiObject” or “Get-Package” in PowerShell to retrieve installed applications on a system. Combined with Uninstall() or Uninstall-Package. These commands allow you to script the removal of apps, even when the Control Panel uninstall option is unavailable.

Get-WmiObject -Class Win32_Product | Where-Object { $_.Name -like "*AppName*" } | ForEach-Object { $_.Uninstall() }

Alternatively, you could the “Get-Package” and you will have the desired result.

Get-Package -Name "*AppName*" | Uninstall-Package

As you can see above, the application has been uninstalled as shown above.

Please, see How to install Winget CLI on Windows, Install Applications with Winget CLI on Windows, and how Install SQL Server Management Studio 21 on Windows Server.

Use winget (if supported)

WinGet the Windows Package Manager that is available on Windows 11. It is also available on newer (modern) versions of Windows 10, and Windows Server 2025 as a part of the App Installer. The App Installer is a System Component delivered and updated by the Microsoft store on Windows Desktop versions, and via Updates on Windows Server 2025. If this is not case for you, please follow the steps below.

The WinGet command line tool is only supported on Windows 10 version 1809 (build 17763) or later. WinGet will not be available until you have logged into Windows as a user for the first time. Thereby, triggering Microsoft Store to register the Windows Package Manager as part of an asynchronous process.

Note: If you have recently logged in as a user for the first time and find that WinGet is not yet available. You can open PowerShell and enter the following command to request this WinGet registration according to Microsoft documentation: 

Add-AppxPackage -RegisterByFamilyName -MainPackage Microsoft.DesktopAppInstaller_8wekyb3d8bbwe

Now, Winget is available and can be used to install and uninstall packages on your Windows device.

Let us list the available applications on this device using the command below. This will reveal all the installed applications on the PC.

winget list

Please, see Manage BitLocker and FileVault with Trellix Native Encryption, how to encrypt your system with Trellix Data Encryption, and how to Enable a Pre-Boot BitLocker PIN on Windows.

How to use Winget in Older Versions of Windows

To use winget in older versions of windows from PowerShell. You need to install the Microsoft.WinGet.Client module. Please, see How to keep Apps up to date on Windows devices. This article also discusses the steps to install winget.

If you wish to use a preview version, please download the App Installer from here. Alternatively, you could navigate to the following URL.

Thereafter, you can start using the commands below or as described above to manipulate and uninstall applications on your device.

winget list
winget uninstall "App Name"

Please, see how to install and Manage Applications with Winget, how to install Winget on Windows Server, and how to In-place upgrade of Windows Server 2022 to 2025.

Use the App’s Own Uninstaller

Lastly, in this guide, you can check the installation folder path, such as “C:\Program Files\AppName\uninstall.exe” or “C:\Program Files (x86)\AppName\uninstall.exe”, and then run the uninstaller via Command Prompt or File Explorer.

cmd

"C:\Program Files\AppName\uninstall.exe" /S

FAQs

I hope you found this guide on “BitLocker behavior when MBAM agent is removed: No Uninstall Option in Control Panel” very useful. Please, feel free to leave a comment below.