![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 84%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECP%3C/text%3E%3C/svg%3E)
Microsoft Security | Intune | Configuration Manager | Other
Other Configuration Manager-related features and issues
@El3ttriko-5155
Thank you for posting in Microsoft Q&A forum.
If we don't have a management point with an HTTPS-enabled website, we can not use recovery service, Configuration Manager doesn't save key recovery information.
The Client connections property of the management point can be HTTP or HTTPS. If the management point is configured for HTTP, to support the BitLocker recovery service:
- Acquire a server authentication certificate. Bind the certificate to the IIS website on the management point that hosts the BitLocker recovery service.
- Configure clients to trust the server authentication certificate.
For more details about HTTPS-enable the IIS website, you may refwer to:
https://learn.microsoft.com/en-us/mem/configmgr/protect/deploy-use/bitlocker/encrypt-recovery-data-transit#https-enable-the-iis-website
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.