User self-service BitLocker recovery key

We understand that many Helpdesk team members have diligently retrieved device recovery keys through calls and emails.

Microsoft introduced this feature in May 2024, empowering end users to retrieve their own recovery keys. This not only reduces the number of calls and email tickets but also enhances user autonomy and efficiency.

It’s a straightforward process:

  • Enroll all devices in Intune (for company devices).
  • Enable the Entra ID setting that lets users view the BitLocker recovery key(s) for the devices they own.

How to do it:

1. Log in to Microsoft Entra ID with the proper permissions and go to Identity > Devices > Overview > Device Settings. Under "Other Settings", make sure the restriction is set to "No" so that end users can view the BitLocker recovery key(s) for their own devices. "Yes" prevents non-admin users from seeing BitLocker recovery keys.

2. Go to the Intune Company Portal website and select Devices. You will see all your devices there; pick the one whose BitLocker recovery key you want.

3. Auditing: if your security team is concerned about who is logging in, you can monitor all activity (who logs in, state/time, which application, IP address, authentication method, and more) in Microsoft Entra ID under Identity > Monitoring & health > Sign-in logs.

4. You can further secure your environment by adding Conditional Access so that users with personal devices must meet specific requirements, such as a specific update of Windows, before entering the portal.
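
One way to triage an export of the sign-in log from step 3, added here as an example and not part of the original post: it flags successful portal sign-ins that were single-factor, came from outside expected networks, or came from a device not marked compliant. The app display name, the trusted range and the sample records are assumptions constructed for illustration; the field names follow the Microsoft Graph signIn resource.

```python
import ipaddress

# Assumptions: the app display name your tenant logs for the portal, and the
# egress ranges you treat as expected (a documentation range is used here).
PORTAL_APP = "Company Portal"
TRUSTED_NETS = [ipaddress.ip_network("203.0.113.0/24")]

# Constructed sample records; field names follow the Graph signIn resource.
SAMPLE = [
    {"createdDateTime": "2024-06-03T08:14:02Z", "userPrincipalName": "alice@contoso.example",
     "appDisplayName": "Company Portal", "ipAddress": "203.0.113.10", "status": {"errorCode": 0},
     "authenticationRequirement": "multiFactorAuthentication", "deviceDetail": {"isCompliant": True}},
    {"createdDateTime": "2024-06-03T23:41:50Z", "userPrincipalName": "bob@contoso.example",
     "appDisplayName": "Company Portal", "ipAddress": "198.51.100.77", "status": {"errorCode": 0},
     "authenticationRequirement": "singleFactorAuthentication", "deviceDetail": {"isCompliant": False}},
    {"createdDateTime": "2024-06-04T09:02:11Z", "userPrincipalName": "carol@contoso.example",
     "appDisplayName": "Office 365 Exchange Online", "ipAddress": "198.51.100.5", "status": {"errorCode": 0},
     "authenticationRequirement": "singleFactorAuthentication", "deviceDetail": {}},
    {"createdDateTime": "2024-06-04T10:30:00Z", "userPrincipalName": "bob@contoso.example",
     "appDisplayName": "Company Portal", "ipAddress": "198.51.100.77", "status": {"errorCode": 50126},
     "authenticationRequirement": "multiFactorAuthentication", "deviceDetail": {}},
]


def review_portal_signins(records, app=PORTAL_APP, trusted=TRUSTED_NETS):
    """Return successful portal sign-ins that deserve a second look, with reasons."""
    findings = []
    for r in records:
        if r.get("appDisplayName") != app or r.get("status", {}).get("errorCode") != 0:
            continue  # a different application, or a sign-in that did not succeed
        reasons = []
        if r.get("authenticationRequirement") == "singleFactorAuthentication":
            reasons.append("single-factor")
        try:
            ip = ipaddress.ip_address(r.get("ipAddress", ""))
            if not any(ip in net for net in trusted):
                reasons.append("untrusted-ip")
        except ValueError:
            reasons.append("unparseable-ip")
        if r.get("deviceDetail", {}).get("isCompliant") is not True:
            reasons.append("device-not-compliant")
        if reasons:
            findings.append((r.get("createdDateTime"), r.get("userPrincipalName"), reasons))
    return findings


if __name__ == "__main__":
    for when, who, why in review_portal_signins(SAMPLE):
        print(when, who, ", ".join(why))
```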

Thanks for reading

Have a nice weekend 🙂
