Azure AD – New way to find the BitLocker recovery key
As you know, when you enable BitLocker with Intune, you have the option (highly recommended, by the way) to save the recovery key to Azure AD.
When BitLocker is enabled on a Windows device, the recovery key can be saved to Azure Active Directory (Azure AD), a USB, a file, or even printed. End-users can access this key for their owned device through Azure AD or by going to their device properties.
If you don’t know how to access it through Azure AD, first go to Azure AD and then click on the Devices blade. From here, you can access the BitLocker keys (Preview).
First, you need to make sure that you’ve updated your authorisation policy to turn off the self-service BitLocker key access, which can be done using the Microsoft Graph PowerShell module.
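One way to make that policy change with the Microsoft Graph PowerShell module, as an added example that is not from the original post. It assumes the beta `authorizationPolicy` endpoint and its `allowedToReadBitlockerKeysForOwnedDevice` setting, and an account allowed to consent to the `Policy.ReadWrite.Authorization` scope; the function name is hypothetical.

```powershell
# Added example: requires the Microsoft.Graph.Authentication module.
# Policy.ReadWrite.Authorization is the delegated scope needed to change the policy.
Connect-MgGraph -Scopes 'Policy.ReadWrite.Authorization'

# Tenant-wide authorization policy (beta endpoint; an assumption of this example).
$uri = 'https://graph.microsoft.com/beta/policies/authorizationPolicy/authorizationPolicy'
$property = 'allowedToReadBitlockerKeysForOwnedDevice'

function Get-SelfServiceBitLockerAccess {
    # Returns $true/$false, or throws if the property is missing from the response.
    $perms = (Invoke-MgGraphRequest -Method GET -Uri $uri).defaultUserRolePermissions
    if ($null -eq $perms -or -not $perms.ContainsKey($property)) {
        throw "Property '$property' not returned by $uri"
    }
    return [bool]$perms[$property]
}

$before = Get-SelfServiceBitLockerAccess
Write-Host "Self-service BitLocker key access before change: $before"

if ($before) {
    # Patch only the one property; other default user permissions are left as they are.
    $body = @{ defaultUserRolePermissions = @{ $property = $false } } | ConvertTo-Json
    Invoke-MgGraphRequest -Method PATCH -Uri $uri -Body $body -ContentType 'application/json'
}

# Read the policy back so the change is confirmed rather than assumed.
$after = Get-SelfServiceBitLockerAccess
if ($after) {
    Write-Warning 'Self-service BitLocker key access is still enabled.'
} else {
    Write-Host 'Self-service BitLocker key access is disabled for standard users.'
}
```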
Once this authorisation policy has been updated, the following Azure AD roles will be able to access the key: