Andrew Matthews
Iron Contributor
Sep 12, 2018

Audit Logs for Accessing BitLocker Keys escrowed to Azure AD

Escrowing BitLocker recovery keys to Azure AD is great functionality, but I have been asked to find an audit trail when a user or administrator accesses the recovery keys. The IT Security function at an organization that I am working with is concerned that a malicious insider could misuse the recovery keys to decrypt drives. They want to track when a Recovery Key is viewed in Azure AD.

I conducted some experiments with administrator and end-user accounts, but I did not see any audit log entries in the Azure AD audit log.

Are audit log entries created for BitLocker Recovery Key escrow and where would I find the audit logs?
