- #Backup bitlocker recovery key windows 10 how to#
- #Backup bitlocker recovery key windows 10 password#
- #Backup bitlocker recovery key windows 10 series#
Setting this to Allowed or Required will generate a 48-digit recovery password during BitLocker initialization and send it to Azure AD if the policy Require device to back up recovery information to Azure Active Directory is set to Yes. Setting this to Not configured means that BitLocker encryption will complete even if the recovery key backup to Azure AD fails. If configured to Yes, BitLocker will not complete until the recovery key has been saved to Azure AD. Require device to back up recovery information to Azure AD Ĭonfigure BitLocker recovery package settingsĢ. The key package and password will help decrypt the encrypted volume if the disk becomes corrupted or damaged.įor more information on BitLocker recovery, review this article, especially the Recovery password retrieva l, BitLocker key package, and Retrieving the BitLocker key package sections.The recovery password is a 48-digit recovery password that is used to unlock a volume when the device enters recovery mode.This setting will configure whether the device will back up the password and key or just the key in Azure AD DS. In this scenario, the BitLocker policy is configured to silently encrypt an Azure AD joined device and is set with the following system drive recovery options:Īzure AD joined device system drive recovery settings Recovery options for an Azure AD joined device This method will remove all the keys on the device and back up a single key to either Azure AD or on-premises Active Directory.
#Backup bitlocker recovery key windows 10 how to#
Read this article to discover how to support rotation of the BitLocker recovery key.īitLocker key rotation remote action in the Microsoft Endpoint Manager admin center There are prerequisites that devices must meet to support rotation. Only the key used for recovery is refreshed.Īn administrator can initiate BitLocker key rotation remotely from the Microsoft Endpoint Manager admin center by navigating to Devices > Windows to select the device for the BitLocker key rotation. This option provides a method to back up recovery information to Microsoft Azure Active Directory (Azure AD) or Azure Active Directory Domain Services (Azure AD DS).Īdditionally, new password rotation functionality added in Windows 10, version 1909, allows the recovery key to refresh automatically after it is used to recover a BitLocker enabled device. Since the inception of the BitLocker configuration service provider (CSP) in Windows 10, version 1703, there’s been an option to configure BitLocker recovery on protected operating system (OS) drives. This post walks you through BitLocker recovery options with Windows devices managed with Intune. You can read about the reasons a device enter s recovery mode in the documentation under What causes BitLocker recovery. In the first post, we described occasions when a BitLocker-enabled device enters recovery mode.
#Backup bitlocker recovery key windows 10 series#
This is the fourth blog in our series on using BitLocker with Intune. See the original author and article here.īy Luke Ramsdale – Service Engineer | Microsoft Endpoint Manager – Intune
0 kommentar(er)
