Backup BitLocker recovery key to Azure AD?

Posted by

Converting from storing your BitLocker keys in Active Directory to Azure AD? Good choice, together with Microsoft Intune you are very well positioned to manage BitLocker, with support of Key rotation from Intune and client side.

But maybe you noticed that not all your Windows device have stored the keys in Azure AD? No problem here is a quick and simple PowerShell script/oneliner to backup your recovery key to Azure AD

BackupToAAD-BitLockerKeyProtector -MountPoint $env:SystemDrive -KeyProtectorId ((Get-BitLockerVolume -MountPoint $env:SystemDrive ).KeyProtector | where {$_.KeyProtectorType -eq "RecoveryPassword" }).KeyProtectorId

BackupToAAD-BitLockerKeyProtector saves the key to Azure AD but it needs some input

Mountpoint – the systemdrive, usally C:

KeyProtectorId – the Id of the KeyProtector of RecoveryPassword type

Deploy and wait… the result should more or less be instant


  1. Hi Mattias,
    thank you for wonderful powershell script to backup bitlocker recovery password to Azure AD from domain joined machine
    however it is not working few of them and getting Exception from HRESULT :0x801C0450 error
    Please help.


Leave a comment

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.