Backup BitLocker recovery key to Azure AD?


Converting from storing your BitLocker recovery keys in on-premises Active Directory to Azure AD? Good choice: together with Microsoft Intune you are well positioned to manage BitLocker, including recovery key rotation triggered from Intune or from the client side.

But maybe you have noticed that not all of your Windows devices have stored their keys in Azure AD? No problem; here is a quick and simple PowerShell one-liner to back up the recovery key to Azure AD:

BackupToAAD-BitLockerKeyProtector -MountPoint $env:SystemDrive -KeyProtectorId ((Get-BitLockerVolume -MountPoint $env:SystemDrive).KeyProtector | Where-Object { $_.KeyProtectorType -eq "RecoveryPassword" }).KeyProtectorId

BackupToAAD-BitLockerKeyProtector saves the key to Azure AD, but it needs two inputs:

MountPoint – the system drive, usually C:

KeyProtectorId – the Id of the key protector of type RecoveryPassword

Deploy and wait… the result should be more or less instant.
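The one-liner above silently produces an array if a volume carries more than one RecoveryPassword protector, and it gives no feedback when the backup fails. The script below is an added example, not code from the original post: it backs up every recovery password protector on the system drive, fails loudly when there is none, and then looks for the BitLocker management event that confirms the Azure AD backup. It assumes the BitLocker PowerShell module is present, that the script runs elevated, and that the device is Azure AD joined or registered; the event IDs 845 (success) and 846 (failure) are the ones Windows writes for Azure AD key backup, and $LogName is the log they land in.

```powershell
# Added example, not part of the original post.
# Backs up all RecoveryPassword protectors of the system drive to Azure AD
# and verifies the result via the BitLocker management event log.

$MountPoint = $env:SystemDrive
$LogName    = 'Microsoft-Windows-BitLocker/BitLocker Management'
$StartTime  = Get-Date

# Get-BitLockerVolume throws if BitLocker is not available on this device.
$volume = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop

if ($volume.ProtectionStatus -ne 'On') {
    # A key can still be backed up, but the drive is not actually protected.
    Write-Warning "BitLocker protection on $MountPoint is $($volume.ProtectionStatus)."
}

# Only RecoveryPassword protectors can be escrowed to Azure AD.
$recoveryProtectors = @($volume.KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

if ($recoveryProtectors.Count -eq 0) {
    Write-Error "No RecoveryPassword protector found on $MountPoint; nothing to back up."
    exit 1
}

$failed = 0
foreach ($protector in $recoveryProtectors) {
    try {
        # Each protector is backed up individually so that one failure is reported
        # without hiding the others.
        BackupToAAD-BitLockerKeyProtector -MountPoint $MountPoint `
            -KeyProtectorId $protector.KeyProtectorId -ErrorAction Stop | Out-Null
        Write-Output "Requested Azure AD backup for protector $($protector.KeyProtectorId)."
    }
    catch {
        Write-Error "Backup of protector $($protector.KeyProtectorId) failed: $($_.Exception.Message)"
        $failed++
    }
}

# Confirm via the event log: 845 = backed up to Azure AD, 846 = backup failed.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = $LogName
    Id        = 845, 846
    StartTime = $StartTime
} -ErrorAction SilentlyContinue

foreach ($event in $events) {
    Write-Output ("Event {0}: {1}" -f $event.Id, $event.Message.Trim())
}

if ($failed -gt 0 -or ($events | Where-Object Id -eq 846)) {
    exit 1
}
exit 0
```

Running this as an Intune PowerShell script or a scheduled task gives a non-zero exit code on any failure, which is what you want for reporting; the event log check is the same evidence a helpdesk would look for when a user later needs the recovery key and it is missing from the Azure AD device object.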
