Export device encryption status from AzureAD or Export BitLocker Keys from list of devices

Alexey 1 Reputation point
2022-02-22T13:33:31.383+00:00

Good day Community,

I have a query. Say there are in excess of 1000 devices (Windows 10) on the portal, all of which have the BitLocker keys uploaded to them. We wish to do an audit amongst other things, so is there a way to export the keys to a spreadsheet, for example, or even export the list of devices incl. the BitLocker keys? Preferably a way to do this without PowerShell, but if needs be I can use that too! I just really want to have a list of BitLocker keys in one document.

Many Thanks,

Microsoft Security | Microsoft Entra | Microsoft Entra ID

1 answer

  1. Anonymous
    2022-02-23T19:54:53.727+00:00

    @Alexey
    I understand that you wish to get a list of Azure Disk Encryption disks and their keys. Please correct me if I am misunderstanding.

    You can get a list of encrypted VMs in your subscription using PowerShell.

    $osVolEncrypted = {(Get-AzVMDiskEncryptionStatus -ResourceGroupName $_.ResourceGroupName -VMName $_.Name).OsVolumeEncrypted}  
    $dataVolEncrypted= {(Get-AzVMDiskEncryptionStatus -ResourceGroupName $_.ResourceGroupName -VMName $_.Name).DataVolumesEncrypted}  
    Get-AzVm | Format-Table @{Label="MachineName"; Expression={$_.Name}}, @{Label="OsVolumeEncrypted"; Expression=$osVolEncrypted}, @{Label="DataVolumesEncrypted"; Expression=$dataVolEncrypted}  
    

    You can also list all disk encryption secrets used for encrypting VMs in a key vault.

    Get-AzKeyVaultSecret -VaultName $KeyVaultName | where {$_.Tags.ContainsKey('DiskEncryptionKeyFileName')} | format-table @{Label="MachineName"; Expression={$_.Tags['MachineName']}}, @{Label="VolumeLetter"; Expression={$_.Tags['VolumeLetter']}}, @{Label="EncryptionKeyURL"; Expression={$_.Id}}  
    

    If you would prefer to use the CLI the same information can be found using CLI commands. Please see the section here for a list of commands that can be used.

    Let me know if this helps, and if you need further assistance, don't hesitate to let us know.

    -------------------------------

    Please don’t forget to "Accept the answer" and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.
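
For an audit document rather than console output, the two Azure Disk Encryption queries in the answer above can be combined and written to CSV. This is an added example, not part of the original answer; the vault name and output path are placeholders, and matching the `MachineName` tag to the Azure VM name is an assumption. It records which VMs have disk-encryption secrets in the vault without reading any secret values.

```powershell
# Added example (not from the answer). Requires Az.Compute and Az.KeyVault and a
# signed-in session (Connect-AzAccount). Both values below are placeholders.
$KeyVaultName = 'example-ade-vault'
$OutFile      = Join-Path $PWD 'ade-encryption-audit.csv'

# Index disk-encryption secrets by their MachineName tag. Listing secrets
# returns identifiers and tags only, never the secret values.
$secretsByMachine = @{}
Get-AzKeyVaultSecret -VaultName $KeyVaultName |
    Where-Object { $_.Tags -and $_.Tags.ContainsKey('DiskEncryptionKeyFileName') } |
    ForEach-Object {
        $machine = $_.Tags['MachineName']
        if ($machine) {
            if (-not $secretsByMachine.ContainsKey($machine)) {
                $secretsByMachine[$machine] = @()
            }
            $secretsByMachine[$machine] += $_
        }
    }

$report = foreach ($vm in Get-AzVM) {
    # One status call per VM instead of one per column.
    $status = Get-AzVMDiskEncryptionStatus -ResourceGroupName $vm.ResourceGroupName -VMName $vm.Name

    # Assumption: the MachineName tag equals the Azure VM name.
    $secrets = @()
    if ($secretsByMachine.ContainsKey($vm.Name)) { $secrets = $secretsByMachine[$vm.Name] }

    [pscustomobject]@{
        MachineName          = $vm.Name
        ResourceGroup        = $vm.ResourceGroupName
        OsVolumeEncrypted    = $status.OsVolumeEncrypted
        DataVolumesEncrypted = $status.DataVolumesEncrypted
        SecretCount          = $secrets.Count
        VolumeLetters        = ($secrets | ForEach-Object { $_.Tags['VolumeLetter'] }) -join ';'
    }
}

$report | Export-Csv -Path $OutFile -NoTypeInformation

# VMs reported as encrypted with no matching secret in this vault need a follow-up.
$report | Where-Object { "$($_.OsVolumeEncrypted)" -eq 'Encrypted' -and $_.SecretCount -eq 0 }
```

`Get-AzVM` only returns VMs in the current subscription context, so the script has to be run once per subscription to cover a whole tenant.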

