Storing your BitLocker key
When you enroll your Windows 10 devices with Microsoft Intune, you have the possibility to store your BitLocker recovery keys in Azure AD. There are two proper ways to store the BitLocker key:
- Store the BitLocker key in Active Directory (on-premises)
- Store the key in Azure AD (cloud)
When you use Azure AD join and activate BitLocker, you get the option to store the recovery key in Azure AD as you walk through the join or register the device wizard.
The key will be stored in the cloud (Azure AD). To get these keys in the Classic Azure Portal, follow the steps below.
Classic Azure Portal steps
- Open Azure AD in the Management Portal https://manage.windowsazure.com
- Open the Users tab and search/browse for the account you need to find the recovery key for, then open it.
- Go to the Devices tab, and in the View box, select Devices.
- Select the affected device, and click View Details.
All registered recovery keys should be visible.
(New) Azure Portal
Most of you will probably use the (new) Azure Portal. Finding the keys here is a little different, but not too much. Follow the steps below to get the recovery keys from Azure AD.
- Open Azure AD in the Management Portal https://portal.azure.com
- Open the Users and Groups blade and find the user involved.
- Go to the registered devices of the user.
- Click on the device you need the key from.
You will find the recovery key at the bottom of the device information.
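If a device was encrypted without going through the wizard, the recovery key can also be stored in Azure AD from the device itself. The script below is an added example, not part of the original article; it assumes an elevated PowerShell session on an Azure AD joined Windows 10 device with the built-in BitLocker module, and it uses the OS volume as the target.

```powershell
#Requires -RunAsAdministrator
# Added example: escrow the BitLocker recovery password of the OS volume to Azure AD.
# Assumption: the device is Azure AD joined, as described in the article.

$mount = $env:SystemDrive   # OS volume, normally C:

# dsregcmd reports the join state; stop early if the device is not joined.
$joined = dsregcmd /status | Select-String -Pattern 'AzureAdJoined\s*:\s*YES'
if (-not $joined) {
    throw "Device is not Azure AD joined; the key cannot be stored in Azure AD."
}

$volume = Get-BitLockerVolume -MountPoint $mount
if ($volume.ProtectionStatus -ne 'On') {
    Write-Warning "BitLocker protection is not on for $mount (status: $($volume.VolumeStatus))."
}

# Only recovery password protectors can be looked up later in the portal.
$protectors = @($volume.KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

# Edge case: the volume has a TPM protector but no recovery password yet.
if ($protectors.Count -eq 0) {
    Add-BitLockerKeyProtector -MountPoint $mount -RecoveryPasswordProtector | Out-Null
    $protectors = @((Get-BitLockerVolume -MountPoint $mount).KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
}

foreach ($p in $protectors) {
    # -ErrorAction Stop makes a failed upload terminate the script instead of passing silently.
    BackupToAAD-BitLockerKeyProtector -MountPoint $mount `
        -KeyProtectorId $p.KeyProtectorId -ErrorAction Stop | Out-Null

    # Print only the protector ID, never the 48-digit recovery password itself.
    Write-Output "Stored protector $($p.KeyProtectorId) for $mount in Azure AD."
}
```

The printed protector ID identifies which key was uploaded, so it can be matched against the entry shown for the device in the portal.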