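```powershell
# Connect to Microsoft Graph (BitLockerKey.Read.All is needed to read recovery key values)
Connect-MgGraph -Scopes "DeviceManagementManagedDevices.Read.All", "BitLockerKey.Read.All"

# Get all managed Windows devices, including the Azure AD device ID the keys are stored against
$devices = Get-MgDeviceManagementManagedDevice -All -Filter "operatingSystem eq 'Windows'" -Select "id,deviceName,azureADDeviceId"

foreach ($device in $devices) {
    # List the recovery key records escrowed for this device
    $keyRecords = Get-MgInformationProtectionBitlockerRecoveryKey -Filter "deviceId eq '$($device.AzureAdDeviceId)'"
    foreach ($record in $keyRecords) {
        # The key value is returned only when it is requested explicitly
        $bitlockerKey = Get-MgInformationProtectionBitlockerRecoveryKey -BitlockerRecoveryKeyId $record.Id -Property "key"
        # Export to CSV or store as needed
    }
}
```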
- Using the Intune Portal:
  - Navigate to Endpoint Manager admin center
  - Go to Devices > All devices
  - Select a device
  - Click on "BitLocker" tab
  - View or export recovery keys
PowerShell Script to export all keys:
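```powershell
# Install required modules if not present
Install-Module -Name Microsoft.Graph.DeviceManagement, Microsoft.Graph.Identity.SignIns

# Connect to MS Graph (BitLockerKey.Read.All is needed to read recovery key values)
Connect-MgGraph -Scopes "DeviceManagementManagedDevices.Read.All", "BitLockerKey.Read.All"

# Get all Windows devices
$devices = Get-MgDeviceManagementManagedDevice -All -Filter "operatingSystem eq 'Windows'"

# Create array for results
$results = @()

foreach ($device in $devices) {
    # Recovery key records are stored against the device's Azure AD device ID
    $keyRecords = Get-MgInformationProtectionBitlockerRecoveryKey -All -Filter "deviceId eq '$($device.AzureAdDeviceId)'"
    foreach ($record in $keyRecords) {
        # The key value is returned only when it is requested explicitly
        $key = Get-MgInformationProtectionBitlockerRecoveryKey -BitlockerRecoveryKeyId $record.Id -Property "key"
        $results += [PSCustomObject]@{
            DeviceName        = $device.DeviceName
            UserPrincipalName = $device.UserPrincipalName
            DriveType         = $record.VolumeType
            RecoveryKey       = $key.Key
            KeyId             = $record.Id
            CreatedDateTime   = $record.CreatedDateTime
        }
    }
}

# Export to CSV (the file holds plaintext recovery keys)
$results | Export-Csv -Path "BitLockerKeys.csv" -NoTypeInformation
```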
- Using Azure Portal:
  - Azure Portal > Azure Active Directory
  - Devices > All devices
  - Select device
  - BitLocker tab
  - View recovery keys