How to Recover Windows 10 BitLocker Keys from Intune Microsoft Endpoint Manager
Several reasons might make a Windows 10 device go into recovery mode.
Once the device is in recovery mode, the user needs to enter the BitLocker recovery key to recover the encrypted drive of the Windows 10 machine managed by Microsoft Intune.
Background – Windows 10 BitLocker Keys
What are the reasons for a Windows 10 device to go into recovery mode? For example, your organization might have a password security policy that locks you out after a certain number of failed sign-in attempts, or the Windows 10 PC could have encountered a hardware malfunction, an unexpected configuration change, or another security event.
How to Recover BitLocker Key from Intune Managed Device?
The BitLocker recovery key is required to help ensure that only an authorized person can unlock your Windows 10 PC and restore access to your encrypted data. How can you get your BitLocker recovery key? That depends on how the Windows 10 PC is set up; there are different ways to get your recovery key.
How you recover the key depends on how the BitLocker recovery key was saved. If you have a Windows 10 BYO (Bring Your Own) device, you can retrieve the BitLocker recovery key from your Microsoft account. Or if you have a BitLocker-encrypted Windows 10 CYOD device, the BitLocker recovery key is saved in the Azure Active.
BitLocker Recovery Keys – Windows 10 BYOD Personal Device Managed by Intune
BitLocker recovery keys for Windows 10 BYOD can be retrieved from the following URL: https://onedrive.live.com/RecoveryKey. This is possible when your Windows 10 device is signed in with a Microsoft account and you have selected the Microsoft account option for the BitLocker recovery key.
BitLocker Recovery Keys – Windows 10 CYOD Managed by Intune
We have two options to get the BitLocker Recovery keys for Windows 10 CYOD (Company Owned device).
First option: users can retrieve their recovery key by going to http://myapps.microsoft.com, opening their user profile, then selecting Devices and selecting the device for which they need the BitLocker recovery keys (https://account.activedirectory.windowsazure.com/r#/profile).
The second option is to get the BitLocker recovery key from Azure Active Directory: “Microsoft Azure – Tenant Name – Users and groups – All users – User Name – Devices – Device”.
BitLocker Recovery Keys – Windows 10 BYOD Process
Enter the recovery key to get going again. The recovery key can be retrieved using any of the methods mentioned in the sections above. I received the following error while booting up the Surface device: “You need to enter the recovery key because secure boot policy has unexpectedly changed.”
This screen also provides the URL the user has to visit to get the recovery key. The user can also get the key ID and drive label details from this screen. Once the user finds the BitLocker recovery key for that device and drive, click Continue to start recovering the drive.
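The Azure Active Directory lookup described above can also be scripted by an administrator. The following is an added example, not part of the original article: a PowerShell function that uses the Microsoft Graph PowerShell SDK to find the escrowed key matching the key ID on the recovery screen. The function name, the placeholder device ID and key ID, and the assumption that the Graph key object's Id corresponds to the key ID shown on the recovery screen are illustrative assumptions.

```powershell
#Requires -Modules Microsoft.Graph.Identity.SignIns
# Added example (not from the article): look up one escrowed BitLocker
# recovery key by the key ID the user reads off the recovery screen.

function Get-EscrowedRecoveryKey {   # hypothetical helper name
    [CmdletBinding()]
    param(
        # Azure AD device ID (GUID) of the locked machine.
        [Parameter(Mandatory)][guid]$DeviceId,
        # Key ID from the recovery screen: the first 8 hex characters or the full GUID.
        [Parameter(Mandatory)]
        [ValidatePattern('^[0-9A-Fa-f-]{8,36}$')]
        [string]$KeyId
    )

    # The list call returns metadata only; key material is never included here.
    $candidates = Get-MgInformationProtectionBitlockerRecoveryKey `
        -Filter "deviceId eq '$DeviceId'" -All

    # Assumption: the Graph object's Id is the key ID shown on the recovery screen.
    $match = @($candidates | Where-Object { $_.Id -like "$KeyId*" })
    if ($match.Count -ne 1) {
        # Refuse to guess: a device can hold several keys (OS and data drives).
        throw "Expected one key matching '$KeyId' on device $DeviceId, found $($match.Count)."
    }

    # The key itself is returned only when the 'key' property is selected explicitly.
    $full = Get-MgInformationProtectionBitlockerRecoveryKey `
        -BitlockerRecoveryKeyId $match[0].Id -Property 'key'

    [pscustomobject]@{
        KeyId       = $match[0].Id
        VolumeType  = $match[0].VolumeType
        Created     = $match[0].CreatedDateTime
        RecoveryKey = $full.Key
    }
}

# Placeholder values; replace with the real device ID and on-screen key ID.
Connect-MgGraph -Scopes 'BitLockerKey.Read.All'
Get-EscrowedRecoveryKey -DeviceId '00000000-0000-0000-0000-000000000000' -KeyId 'A1B2C3D4'
```

Reading a key through Microsoft Graph is recorded in the Azure AD audit log, so each help-desk lookup stays attributable to the account that performed it.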
- BitLocker recovery keys: FAQ (frequently asked questions)
- Automatic BitLocker on Windows 10 during Azure AD Join
- Find my BitLocker recovery key