Converting from storing your BitLocker keys in Active Directory to Azure AD? Good choice. Together with Microsoft Intune you are very well positioned to manage BitLocker, with support for key rotation from both Intune and the client side.
But maybe you noticed that not all your Windows devices have stored their keys in Azure AD? No problem, here is a quick and simple PowerShell script/one-liner to back up your recovery key to Azure AD:
BackupToAAD-BitLockerKeyProtector -MountPoint $env:SystemDrive -KeyProtectorId ((Get-BitLockerVolume -MountPoint $env:SystemDrive ).KeyProtector | where {$_.KeyProtectorType -eq "RecoveryPassword" }).KeyProtectorId
BackupToAAD-BitLockerKeyProtector saves the key to Azure AD, but it needs some input:
MountPoint – the system drive, usually C:
KeyProtectorId – the Id of the KeyProtector of RecoveryPassword type
Deploy and wait… the result should be more or less instant.
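A more defensive version of the one-liner above, added here as an example and not the author's own script: it handles devices that have no RecoveryPassword protector or more than one, and reports success or failure per protector. The variable names, messages and exit codes are assumptions chosen for illustration.

```powershell
# Added example: back up every RecoveryPassword protector on the system drive to Azure AD.
# Run elevated; Get-BitLockerVolume requires administrative rights.
$mountPoint = $env:SystemDrive

try {
    $volume = Get-BitLockerVolume -MountPoint $mountPoint -ErrorAction Stop
} catch {
    Write-Error "Cannot read BitLocker state for ${mountPoint}: $($_.Exception.Message)"
    exit 1
}

# As in the one-liner, only protectors of type RecoveryPassword are selected.
# @() forces an array so zero, one or several protectors are handled the same way.
$protectors = @($volume.KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

if ($protectors.Count -eq 0) {
    Write-Warning "No RecoveryPassword protector on $mountPoint (volume status: $($volume.VolumeStatus)); nothing to back up."
    exit 1
}

$failed = 0
foreach ($protector in $protectors) {
    try {
        BackupToAAD-BitLockerKeyProtector -MountPoint $mountPoint `
            -KeyProtectorId $protector.KeyProtectorId -ErrorAction Stop | Out-Null
        # Log the protector ID only, never the 48-digit recovery password itself.
        Write-Output "Backed up protector $($protector.KeyProtectorId) for $mountPoint"
    } catch {
        $failed++
        # Include the volume status so a failure can be correlated with the drive's state.
        Write-Warning "Backup failed for $($protector.KeyProtectorId) (volume status: $($volume.VolumeStatus)): $($_.Exception.Message)"
    }
}

# Assumption: a non-zero exit code lets the deployment tool flag the device for follow-up.
if ($failed -gt 0) { exit 1 } else { exit 0 }
```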
The same error for me.
Hi Mattias,
Thank you for the wonderful PowerShell script to back up the BitLocker recovery password to Azure AD from a domain-joined machine.
However, it is not working on a few of them and I am getting an Exception from HRESULT: 0x801C0450 error.
Please help.
Got this same error, and it was because it was still encrypting the drive.