This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(217.60000000000002, 11%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EES%3C/text%3E%3C/svg%3E)
Hello,
is there anyway to have the information : bitlocker key presence per device ?
the Get bitlockerRecoveryKey cmdlet does not help
Get-MgInformationProtectionBitlockerRecoveryKey give all the key but if the device has not escrow the key it is useless.
the goal is to get devices that have not the bitlocker key in azure
having all key per device will be helpfull to get device with missing key.
thank you for your help
BR
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(108.80000000000001, 77%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EM%3C/text%3E%3C/svg%3E)
Why not make all devices backup their key to AAD and log the success? It does not hurt with those that have already saved their key to AAD. A script one liner would do.
it s actually the case with script / remediation in Intune. but it s not the same as list all devices without key for reporting. i didn't imagine that it will be so difficult to get this device information. get all the devices and their key since the opposite is possible with the bitlocker cmdlet.
The cmdlet does allow filtering per device, though executing it that way will take a lot more time. Just in case, here's how to do it:
Get-MgInformationProtectionBitlockerRecoveryKey -Filter "DeviceId eq '05ab7c00-ea9d-4c1b-8dc2-ef539bf2a27b'"
I'd strongly recommend filtering the device list before passing it to the Get-MgInformationProtectionBitlockerRecoveryKey cmdlet.
