Need bitlocker recovery to be saved in Entra id

Question

Need bitlocker recovery to be saved in Entra id

Anonymous

We have a client set up which only has Entra id joined devices and no On-Prem AD, we have a requirement of Enabling Bitlocker on the devices which will store the bitlocker recovery keys in Entra ID (Without Intune).

Kindly suggest solution/Steps.

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.

2 answers

Answer 1

Hello,

Thank you for posting in Microsoft Community forum.

Based on the description, I understand your question is related to need bitlocker recovery to be saved in Entra id.

Open the Group Policy Management Console.

Create a new Group Policy Object (GPO) or edit an existing one.

Navigate to Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption.

Enable the policy Store BitLocker recovery information in Active Directory Domain Services (AD DS).

Configure the policy to back up recovery passwords and key packages.

Have a nice day.

Best Regards,

Molly

Answer 2

Hi Molly,

Stumbled across this post, the instructions you provided appear to be for Active Directory backup via on-prem Group Policy.

The original question is how to back it up to Entra AD without use of on-prem Active Directory, also without using Intune to manage the device.

URath

I'm not certain this is possible without either enrolling the devices in Intune Management, or possibly using Microsoft Defender endpoint to manage the escrow of Bitlocker recovery to Entra. I'm also exploring this and found this article. So far I've not been able to make it work.

Share via

Need bitlocker recovery to be saved in Entra id

2 answers