Posted on by

MAK vs. KMS – The Complete Guide to Microsoft Volume Activation

MAK vs. KMS: The Complete Guide to Microsoft Volume Activation

When purchasing Volume Licenses for Windows or Office, administrators are often presented with two acronyms that dictate how their software will be activated: MAK (Multiple Activation Key) and KMS (Key Management Service). Choosing the wrong one can lead to administrative headaches, deactivated clients, or wasted license keys.

This comprehensive guide analyzes both methods, their architecture, pros and cons, and best practices for modern IT environments.

1. Multiple Activation Key (MAK)

How it Works

MAK functions similarly to the retail product keys many consumers are familiar with. You enter the 25-character alphanumeric string on a client machine, and the machine connects to Microsoft’s activation servers over the internet to validate the key.

There are two ways to use MAK:
1. MAK Independent Activation: Each computer connects to Microsoft individually. Ideally suited for computers that are not connected to the corporate network.
2. MAK Proxy Activation: Using a tool like VAMT (Volume Activation Management Tool), one centralized server gathers activation requests from multiple clients and sends them to Microsoft in a single batch.

The Mechanics

  • One-Time Activation: Once activated, the machine does not need to renew its status (unless significant hardware changes occur or the OS is reinstalled).
  • Finite Limit: Each MAK key has a pre-determined number of activations (e.g., 500). Every time you activate a machine, that counter decreases.
  • Depletion: Once the count hits zero, the key stops working until you call Microsoft Support to request an increase.

Best Use Cases for MAK

  • Field Laptops: Devices that rarely connect to the VPN or corporate office.
  • Isolated Networks: High-security zones that cannot talk to an internal KMS server (using Proxy activation).
  • Small Deployments: If you have fewer than 25 Windows machines or fewer than 5 Office installations, KMS simply won’t work (due to threshold requirements), so MAK is your only choice.

2. Key Management Service (KMS)

How it Works

KMS is a client-server topology. You install a KMS Host Key on a server within your network. This server validates your organization’s legitimacy with Microsoft once. From that point on, KMS Clients (your desktops/laptops) activate by talking to your local server, not Microsoft.

The Mechanics

  • Leased Activation: Activation is temporary. A client is activated for 180 days. It attempts to renew this lease every 7 days. If a machine stays off the network for >180 days, it falls into a “Notification” (unlicensed) state.
  • Activation Threshold: KMS requires a minimum number of unique clients to start working:
    • Windows Server: 5 Clients
    • Windows Client (10/11): 25 Clients
    • Office: 5 Clients
  • DNS Auto-Discovery: Clients automatically find the KMS server via SRV records (_vlmcs._tcp), meaning zero configuration is needed on the endpoints.

Best Use Cases for KMS

  • Large Fleets: Environments with >50 machines.
  • Labs and Classrooms: Machines that are re-imaged frequently. Since KMS doesn’t consume a “key count,” you can reimage the same lab 100 times a week without depleting any licenses.
  • Secure Internal Networks: Networks that do not allow endpoints to have direct internet access.

3. Active Directory-Based Activation (ADBA)

It is worth mentioning the successor to KMS: ADBA.
Introduced in Server 2012, ADBA allows machines to activate simply by joining the domain. The license object is stored in AD.
* Pros: No additional server to manage; instant activation upon domain join.
* Cons: Only works for Windows 8/Server 2012 and newer; requires Domain Controller schema updates.
* Most organizations run ADBA + KMS (KMS for legacy/workgroup machines, ADBA for domain members).

Comparison Summary

Feature MAK KMS
Connection Requirement Internet (to Microsoft) Local Network (to KMS Host)
Activation Duration Perpetual (mostly) 180 Days (Renewable)
Limit Finite Counter Unlimited
Setup Complexity Low Medium
Client Requirement None 25 (Windows) / 5 (Office)

The Verdict: Which one to use?

The industry standard best practice is the Hybrid Model:
1. Use KMS (or ADBA) for 90-95% of your infrastructure (on-prem desktops, regular office laptops, VDI environments). This preserves your sanity for re-imaging.
2. Use MAK for the specific 5-10% of “special case” machines: air-gapped systems, consultants’ off-network laptops, or small branch offices without VPN connectivity.

By using KMS for your bulk activation, you protect your precious MAK activation counts for the devices that truly need them.