By default, this operation doesn't return the key property that represents the actual recovery key. To include the key property in the response, use the $select OData query parameter. Including the $select query parameter triggers a Microsoft Entra audit of the operation and generates an audit log. For more information on audit logs for bitlocker recovery keys, see the KeyManagement category filter of Microsoft Entra audit logs.
Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.
Permission type
Least privileged permissions
Higher privileged permissions
Delegated (work or school account)
BitLockerKey.ReadBasic.All
BitLockerKey.Read.All
Delegated (personal Microsoft account)
Not supported.
Not supported.
Application
Not supported.
Not supported.
For delegated permissions, the calling user must be the registered owner of the device that the BitLocker recovery key was originally backed up from, or they must be in at least one of the following Microsoft Entra roles:
Cloud device administrator
Helpdesk administrator
Intune service administrator
Security administrator
Security reader
Global reader
HTTP request
To get the specified BitLocker key without returning the key property:
GET /informationProtection/bitlocker/recoveryKeys/{bitlockeryRecoveryKeyId}
To get the specified BitLocker key including its key property:
GET /informationProtection/bitlocker/recoveryKeys/{bitlockeryRecoveryKeyId}?$select=key
Optional query parameters
This method supports the $select OData query parameter to return the key property. For general information, see OData query parameters.
GET https://graph.microsoft.com/v1.0/informationProtection/bitlocker/recoveryKeys/b465e4e8-e4e8-b465-e8e4-65b4e8e465b4
User-Agent: Dsreg/10.0 (Windows 10.0.19043.1466)
ocp-client-name: My Friendly Client
ocp-client-version: 1.2
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.InformationProtection.Bitlocker.RecoveryKeys["{bitlockerRecoveryKey-id}"].GetAsync((requestConfiguration) =>
{
requestConfiguration.Headers.Add("User-Agent", "Dsreg/10.0");
requestConfiguration.Headers.Add("ocp-client-name", "My Friendly Client");
requestConfiguration.Headers.Add("ocp-client-version", "1.2");
});
// Code snippets are only available for the latest major version. Current major version is $v1.*
// Dependencies
import (
"context"
abstractions "github.com/microsoft/kiota-abstractions-go"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphinformationprotection "github.com/microsoftgraph/msgraph-sdk-go/informationprotection"
//other-imports
)
headers := abstractions.NewRequestHeaders()
headers.Add("User-Agent", "Dsreg/10.0")
headers.Add("ocp-client-name", "My Friendly Client")
headers.Add("ocp-client-version", "1.2")
configuration := &graphinformationprotection.InformationProtectionBitlockerRecoveryKeyItemRequestBuilderGetRequestConfiguration{
Headers: headers,
}
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
recoveryKeys, err := graphClient.InformationProtection().Bitlocker().RecoveryKeys().ByBitlockerRecoveryKeyId("bitlockerRecoveryKey-id").Get(context.Background(), configuration)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
BitlockerRecoveryKey result = graphClient.informationProtection().bitlocker().recoveryKeys().byBitlockerRecoveryKeyId("{bitlockerRecoveryKey-id}").get(requestConfiguration -> {
requestConfiguration.headers.add("User-Agent", "Dsreg/10.0");
requestConfiguration.headers.add("ocp-client-name", "My Friendly Client");
requestConfiguration.headers.add("ocp-client-version", "1.2");
});
GET https://graph.microsoft.com/v1.0/informationProtection/bitlocker/recoveryKeys/b465e4e8-e4e8-b465-e8e4-65b4e8e465b4?$select=key
User-Agent: Dsreg/10.0 (Windows 10.0.19043.1466)
ocp-client-name: My Friendly Client
ocp-client-version: 1.2
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.InformationProtection.Bitlocker.RecoveryKeys["{bitlockerRecoveryKey-id}"].GetAsync((requestConfiguration) =>
{
requestConfiguration.QueryParameters.Select = new string []{ "key" };
requestConfiguration.Headers.Add("User-Agent", "Dsreg/10.0");
requestConfiguration.Headers.Add("ocp-client-name", "My Friendly Client");
requestConfiguration.Headers.Add("ocp-client-version", "1.2");
});
// Code snippets are only available for the latest major version. Current major version is $v1.*
// Dependencies
import (
"context"
abstractions "github.com/microsoft/kiota-abstractions-go"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphinformationprotection "github.com/microsoftgraph/msgraph-sdk-go/informationprotection"
//other-imports
)
headers := abstractions.NewRequestHeaders()
headers.Add("User-Agent", "Dsreg/10.0")
headers.Add("ocp-client-name", "My Friendly Client")
headers.Add("ocp-client-version", "1.2")
requestParameters := &graphinformationprotection.InformationProtectionBitlockerRecoveryKeyItemRequestBuilderGetQueryParameters{
Select: [] string {"key"},
}
configuration := &graphinformationprotection.InformationProtectionBitlockerRecoveryKeyItemRequestBuilderGetRequestConfiguration{
Headers: headers,
QueryParameters: requestParameters,
}
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
recoveryKeys, err := graphClient.InformationProtection().Bitlocker().RecoveryKeys().ByBitlockerRecoveryKeyId("bitlockerRecoveryKey-id").Get(context.Background(), configuration)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
BitlockerRecoveryKey result = graphClient.informationProtection().bitlocker().recoveryKeys().byBitlockerRecoveryKeyId("{bitlockerRecoveryKey-id}").get(requestConfiguration -> {
requestConfiguration.queryParameters.select = new String []{"key"};
requestConfiguration.headers.add("User-Agent", "Dsreg/10.0");
requestConfiguration.headers.add("ocp-client-name", "My Friendly Client");
requestConfiguration.headers.add("ocp-client-version", "1.2");
});
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.