Moving away from Safeguard


Has anyone got any experience moving away from Safeguard to MBAM/AD key management? Just want to know people thoughts and experiences as this is something we are considering doing. 

Many Thanks


  • Hi Tom - obviously an awkward question to ask but.... :)

    Yes, I have experimented with moving away from Sophos and populating AD with the keys. We have AD AND AAD AND Sophos here for BLRK and it all seems to work ok. 

    I will be shortly experimenting scripting the removal of Sophos to automate this whole process too. Since Sophos is only managing BLK already, I don't think it'll be to much of a challenge. I don't though have FE - just DE. I'm hoping with a reboot (unavoidable I think) to fully (and cleanly) removed the Cred provider/client I should be good to go? That's my belief anyway! :)

    I'll keep you updated


  • In reply to MichaelMcLannahan:

    Thanks Michael, 

    It would be interesting to know how you get on, We have a nightmare here with Safeguard which is why we are looking to phase it out competently, we've got about 5000 devices to do! 

    Many Thanks



  • In reply to TomHilton:

    All Windows devices Tom or a mixed estate?


    What's been the nightmare? Are you devices already bound to AD and what OS? All TPM?

  • In reply to MichaelMcLannahan:

    All windows 10 with TPM so it should dare I say be a piece of cake.. 

    Just has it's little quirks.. devices randomly not syncing, certificate issues, User assignment problems, Safeguard Credential Provider issues, the list goes on really.

    We don't use any features of Safeguard so it seems a lot of effort/overheads just to backup keys. I'm also going to some digging on MBAM which we have a licence for, and try and utilize that along side AD.