Intune – End-user self-service BitLocker recovery key

If you manage Windows/macOS devices fleet you already know that it is recommended to enable disk encryption on these devices (either through GPO or Intune) with recovery information saved in Entra ID.

Then you also already know that administrators (global administrator, cloud device administrator, helpdesk administrator, Intune administrator or security administrator or reader) can read the BitLocker details from the device blade or using the BitLocker keys blade.

Well, good news as now your end-user can now also use a self-service to get their device BitLocker key details.

NOTE 1 this is not currently available through the Company Portal application; only from the Intune portal (Microsoft Intune Web Company Portal).

You will need to allow end-user to recover encryption details from the Entra ID\Device settings options. The ‘”Restrict users from recovering the BitLocker key(s) for their own devices” must be set to No


Now you can instruct your end-users to connect to the Intune portal (Microsoft Intune Web Company Portal) to access the Devices option


From there, they have to select the device they want to recover the key and access the Get recovery key option of the device under the Device encryption section


Leave a Comment

Your email address will not be published. Required fields are marked *

The reCAPTCHA verification period has expired. Please reload the page.