There will likely come a time when you will need to retrieve a BitLocker Recovery Key. The reasons you may need to retrieve it can vary. Personally, I’ve experienced an assortment of needs for the BitLocker Recovery Key.

The commonality between each retrieval experience, however, typically stems from a hardware issue. I’ve witnessed the need to retrieve the key occur when a motherboard was replaced, a BIOS update was run, and even when a laptop was stolen.

In the past, if an end user needed to retrieve their BitLocker Recovery Key, they’d typically have to call IT to even begin to find the recovery key. That’s not necessarily the case anymore if they are listed as the owner of the device in Azure Active Directory. If this sounds like your situation, you can check out how to recover the key in section 1.3 below.

If you are an administrator, you will likely get a number of requests for the key regardless of the Self-Service Portal’s capabilities. In this instance, there are two approaches to retrieve the BitLocker Recovery Key: the first is through Endpoint Manager and the other is through Azure AD. You can follow the instructions below step-by-step to get the key.

1.1 Endpoint Manager

1. Log into Endpoint Manager and search for the device by selecting “Devices”, “Windows”, and then entering the device name or serial number. Once the device appears, click on it.

2. In the left pane, select “Recovery keys”.

3. Select “Show Recovery Key”. Note: If there is more than one entry, use the “BITLOCKER KEY ID” to select the correct “BITLOCKER RECOVERY KEY”.

4. The following screen will appear with the BitLocker Recovery Key.

1.2 Azure AD

5. Log into Azure Portal and select the Azure Active Directory blade. Search for the device by entering the device name or serial number in the search box (1). When the device is found, select it to open the record (2).

6. Select “Show Recovery Key”. Note: If there is more than one entry, use the “BITLOCKER KEY ID” to select the correct “BITLOCKER RECOVERY KEY”.
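For administrators who handle these requests often, the same Azure AD lookup can be scripted. The following is an added example, not part of the original article; it assumes the Microsoft Graph PowerShell SDK is installed and that the signed-in account is permitted to read BitLocker keys. The function name, device name and key ID are hypothetical placeholders.

```powershell
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.Identity.DirectoryManagement, Microsoft.Graph.Identity.SignIns

# Hypothetical helper (added example): look up one device's BitLocker Recovery Key.
function Get-DeviceBitLockerRecoveryKey {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $DeviceName,
        # BitLocker key ID to match; optional when the device has a single key.
        [string] $KeyId
    )

    # Resolve the device record; refuse to guess when the name is ambiguous.
    $safeName = $DeviceName.Replace("'", "''")
    $devices = @(Get-MgDevice -Filter "displayName eq '$safeName'" -All)
    if ($devices.Count -ne 1) {
        throw "Expected exactly one device named '$DeviceName', found $($devices.Count)."
    }

    # The list call returns key metadata only (ID, volume type), not the key itself.
    $keys = @(Get-MgInformationProtectionBitlockerRecoveryKey -Filter "deviceId eq '$($devices[0].DeviceId)'" -All)
    if ($KeyId) { $keys = @($keys | Where-Object { $_.Id -eq $KeyId }) }
    if ($keys.Count -ne 1) {
        throw "Found $($keys.Count) matching keys; pass -KeyId to pick one: $($keys.Id -join ', ')"
    }

    # Requesting the 'key' property is the step that discloses the secret;
    # Microsoft Graph records this read in the directory audit log.
    $full = Get-MgInformationProtectionBitlockerRecoveryKey -BitlockerRecoveryKeyId $keys[0].Id -Property 'key'
    [pscustomobject]@{
        DeviceName  = $devices[0].DisplayName
        KeyId       = $keys[0].Id
        VolumeType  = $keys[0].VolumeType
        RecoveryKey = $full.Key
    }
}

# Placeholder values; replace with the real device name and key ID.
Connect-MgGraph -Scopes 'Device.Read.All', 'BitLockerKey.Read.All'
Get-DeviceBitLockerRecoveryKey -DeviceName 'LAPTOP-EXAMPLE' -KeyId '00000000-0000-0000-0000-000000000000'
```

The script stops instead of picking a key when the device name is ambiguous or several keys match, which mirrors the note above about using the “BITLOCKER KEY ID” to select the correct entry.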

1.3 Self-Service Portal (End user can access if they are listed as an “Owner” of the device in Azure AD).

7. Log into the Self-Service Portal and select “Devices”.

8. Select the drop-down arrow next to the device in question.

9. Select “View BitLocker Keys”.

10. Select “Show recovery key”.

11. A window will appear in the middle of the screen with the BitLocker Recovery Key.

Congratulations!