Summary

The BitLocker recovery key is escrowed in Azure AD when a device is joined to Azure AD and BitLocker is enabled on it. To find the recovery key, open the registered device's details in the Azure AD management portal.

Problem

There are two different use cases in which either an end user or a system administrator needs to find the BitLocker recovery key. In addition, Microsoft offers several user interfaces and administrative URLs that lead to the recovery key. While it is helpful to be able to find the key through different interfaces, this confuses users and complicates training and documentation. This article documents the various ways to find the BitLocker recovery key.

Option 1, Using the Azure Management Portal
  1. Open the Azure AD resource object in the Management Portal
    https://manage.windowsazure.com
  2. Go to the All Users object and search for the account associated to the device.
  3. Click the user object name to view the profile properties
  4. Go to the Devices object under the Manage heading.
  5. Select the appropriate listed device.
  6. If a BitLocker key has been escrowed for the device, the BitLocker Key ID and Recovery Key are shown.
  7. Click the Copy to Clipboard button and paste the data to view the entire string.
Option 2, Using the Microsoft 365 (Intune) Device Management Admin Center or Office 365 Portal
  1. Open the Microsoft 365 admin center https://admin.microsoft.com or https://portal.office.com
  2. Go to the Device Management admin center
  3. The browser will open the Microsoft 365 Device Management interface at https://devicemanagement.microsoft.com
  4. Go to the Devices object
  5. Go to the “All devices” object under the Manage section
  6. Search for the appropriate target device
  7. In the “Monitor” section, find and click on “Recovery keys”
  8. Click the Copy to Clipboard button and paste the data to view the entire string.
Option 3, Using the Company Portal website
  1. Sign into the Intune Company Portal website from any device.
  2. In the portal, go to Devices and select the macOS device that is encrypted with FileVault.
  3. Select Get recovery key. The current recovery key is displayed.
  4. On an iPhone, you must select the three dots before the Get recovery key option appears.
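All three portal walk-throughs above end at the same object: the device's escrowed key protector. As an added example that is not part of the original article, the PowerShell below retrieves the same Key ID and 48-digit recovery password through the Microsoft Graph PowerShell SDK, which is the route to script for a help-desk tool or to check in bulk whether keys have actually been escrowed. The device name is a placeholder; the script assumes the Microsoft.Graph modules are installed and that the signed-in account has been granted the BitLockerKey.Read.All and Device.Read.All permissions. Every read of the key property is written to the Azure AD audit log, so grant the permission to a dedicated role or account rather than to general administrators.

```powershell
# Added example (not from the original article): fetch a device's escrowed BitLocker
# recovery key from Azure AD via Microsoft Graph instead of the portal click-through.
# Assumes: Microsoft.Graph modules installed; caller holds Device.Read.All and
# BitLockerKey.Read.All. $DeviceName is a placeholder for the Azure AD device name.
param(
    [Parameter(Mandatory)] [string] $DeviceName
)

Import-Module Microsoft.Graph.Identity.DirectoryManagement
Import-Module Microsoft.Graph.Identity.SignIns

# Listing keys needs BitLockerKey.ReadBasic.All; reading the key itself needs
# BitLockerKey.Read.All, which is the one requested here.
Connect-MgGraph -Scopes "Device.Read.All", "BitLockerKey.Read.All" | Out-Null

# 1. Resolve the Azure AD device object by display name. Names are not unique,
#    so refuse to guess if more than one device matches.
$devices = @(Get-MgDevice -Filter "displayName eq '$DeviceName'")
if ($devices.Count -eq 0) { throw "No Azure AD device named '$DeviceName' was found." }
if ($devices.Count -gt 1) { throw "Multiple devices named '$DeviceName'; filter on deviceId instead." }
$device = $devices[0]

# 2. List the recovery keys escrowed for that device. The filter uses the
#    device's deviceId (the device GUID), not the directory object id.
#    Graph omits the 'key' property from list results on purpose.
$keys = @(Get-MgInformationProtectionBitlockerRecoveryKey -Filter "deviceId eq '$($device.DeviceId)'")
if ($keys.Count -eq 0) {
    Write-Warning "'$DeviceName' exists in Azure AD but has no escrowed BitLocker key."
    Write-Warning "On the device, list protectors with 'manage-bde -protectors -get C:' and escrow the"
    Write-Warning "numerical password with 'BackupToAAD-BitLockerKeyProtector -MountPoint C: -KeyProtectorId <id>'."
    return
}

# 3. Fetch each key by id, explicitly selecting 'key'. Only a request that selects
#    the key property returns the 48-digit recovery password, and each such read
#    is recorded in the audit log.
foreach ($k in $keys) {
    $full = Get-MgInformationProtectionBitlockerRecoveryKey -BitlockerRecoveryKeyId $k.Id `
                -Property "id", "key", "createdDateTime", "volumeType"
    [pscustomobject]@{
        Device      = $DeviceName
        # The BitLocker recovery screen shows the first 8 characters of this id.
        KeyId       = $full.Id
        VolumeType  = $full.VolumeType
        Escrowed    = $full.CreatedDateTime
        RecoveryKey = $full.Key
    }
}
```

The empty-list branch is the case the page's first comment asks about: a compliance policy can require BitLocker, but the key only appears in the portal once the device has escrowed its numerical-password protector to Azure AD, which the BackupToAAD-BitLockerKeyProtector cmdlet on the device forces.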
5 replies
  1. Ernst vH says:

    Very helpful! Can you expand on this: what if the key is not there, even though a device compliance policy exists that requires BitLocker?

  2. IBM says:

    I need BitLocker recovery key.

    The organization I worked for was split into two (the spin-off happened from 01/011). My laptop in the first company had my identifier in Azure AD with the device registered. But my ID got deleted and the device was set to “Inactive” mode. I can’t log in to the system. System ID: DESKTOP-VMNMSIK, Device object id: 090857b2-046a-4e96-b62d-fa2aea3cf588. I contacted my first organization and their answer was “Your identities are deleted, we can’t help”. I need Microsoft's help to get the BitLocker recovery key so I can get my data.

    Please help.
