The full script is available on Now the encryption process is done and your data is secure. In lines 18-24 we know the snap-in is registered but it may or may not be loaded. You will be prompted to choose where you want to save your recovery key. One of the great benefits of Azure Active Directory is the ability to store BitLocker encryption keys online. Let us consider how to configure Active Directory to store BitLocker recovery information. With this installed, we are ready to take a look at the script.
Lines 7 and 8 are where we use the cmdlets provided by the Quest snap-ins. InvokeRestMethodCommand Invoke-RestMethod : 401 — Unauthorized: Access is denied due to invalid credentials. If you email a copy of that information to helpdesk eoas. There is no way to automate the encryption process from Intune. You can get more information about BitLocker. Select Remote Server Administration Tools, expand Feature Administration Tools, expand BitLocker Drive Encryption Administration Utilities, and finally select BitLocker Recovery Password Viewer. Like so… Now, from the user side, they will receive a notification that their device is not compliant with company policy and that encryption is needed.
In Server Manager, select Manage. By default, only members of the Domain Admins group have access to view BitLocker recovery information, so if you run Get-BitLockerRecovery. In your step above you can do the same in Azure Active Directory by going to. Perhaps you have thoughts on this? The feature requests have already been submitted on the UserVoice site. I ended up having to tweak a few things in order to get this to work. This can take some time… But know that you can work as normal alongside the encryption process.
At the time of this post, there seems to be no way to automate this process, but who knows what the future holds. Click Next, then click Install. But how do we recover the drive in the case where we lose access to it? Click Next through the wizard until you get to Features. There is a bit of room for improvement here, as the folder path specified must pre-exist or the script will fail.
Name of the BitLocker recovery object is limited to 64 characters, so the original should be allowed a 48-bit password. More information can be found. But I hope we at some point will be able to execute PowerShell scripts, where we could automate the process. Select Save to your cloud domain account. Figure 1 shows the BitLocker Recovery tab for a computer object. Recovery Key Granted user. Note: In the example above, I set the right to Full Control on the property.
Overview: The following information explains how to retrieve a copy of the BitLocker recovery key using the PowerShell console. I appreciate all of the suggestions that were provided. I want the path and filename to the report to be specified as a command line parameter to keep the script flexible. For more information about the details, see in the TechNet documentation. I think the BitLocker Administration Tools feature needs to be enabled first. Go to Users and Groups and search for the user.
The query in line 7 will get a collection of objects that have BitLocker recovery information. We display a helpful message and exit the script. As always - PowerShell to the rescue. The query in line 8 will build a collection with all Windows 7 and Vista computer objects. In line 4 we create an object for the current computer and then in lines 7-10 we add the desired properties. I found out I could do this pretty easily in PowerShell, and thought I would document that here.
To view the recovery key from the Azure Portal, you should go to Azure Active Directory - Devices - All devices, then click the specific device, and you can see the BitLocker Key. The script outputs objects with the properties listed in Table 1. But in case when the number of machines on the network is more than 100, this task becomes much more complicated. Choose the new encryption mode, which is XTS-AES 128. Start encryption and go to a long lunch. Click on the notification to start the encryption process. Select Turn On BitLocker.