This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(297.6, 28.000000000000004%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EN%3C/text%3E%3C/svg%3E)
We have a 3rd party support agency that handles about 200 of our laptops. They are all Azure AD joined. We want to give them rights to retrieve only bitlocker key information. What is the most restrictive way to setup the new support accounts to do this? They don’t currently have accounts to sign into our tenant. We don’t want to them to be able to assign policies or software or modify any Azure/Intune settings. Later on down the road, we may want to allow them to view device information (in addition to bitlocker keys) for them to see what applications might be installed or collect diagnostic data and so on. But first we are starting with just bitlocker information.
Thank RahulJindal for the valuable input.
@net1994 Have all the concern been addressed? Is there any other assistance that we can provide?
If RahulJindal's reply is helpful, please accept his answer. It will make someone else who has the similar issue easily find the direction.
Thanks for your kindness in advance.
This may help. 3185209