Forum Discussion
Steve Whitcher
Aug 13, 2020 · Bronze Contributor
What admin role grants permission to view devices' BitLocker recovery keys?
Which of the standard admin roles is required to view BitLocker recovery keys for a device in Intune?
Moe_Kinani
Aug 14, 2020 · Bronze Contributor
Hi Steve,
One of those should do it!
Global admins
Intune Service Administrators
Security Administrators
Security Readers
Helpdesk Admins
Hope this helps!
Moe
Steve Whitcher
Aug 17, 2020 · Bronze Contributor
Thanks Moe. I didn't realize at first that access to the keys in Intune was controlled by the AAD administrator roles; I was expecting it to be part of one of the Intune roles.
FWIW, the Security Reader and Helpdesk Administrator roles do not appear to have access to the recovery keys, based on the permissions listed in the role description. The Cloud Device Administrator role does grant the appropriate permission.
Hopefully once the Custom Roles permission is expanded to support more permissions, I'll be able to grant only the permission to read the BitLocker keys without everything else that goes with Cloud Device Administrator.
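Added example, not part of the thread: one way to check the role definitions directly instead of reading each role description is to query them through Microsoft Graph and list every directory role that carries a BitLocker key action, with its count of active assignments. It assumes the Microsoft Graph PowerShell SDK is installed and that the BitLocker key actions sit under the `microsoft.directory/bitlockerKeys/` namespace, which is not quoted in the thread.

```powershell
# Added example: list directory roles whose definition includes a BitLocker
# recovery-key action, and how many active assignments each role has.
# Assumes the Microsoft Graph PowerShell SDK (Microsoft.Graph.Identity.Governance).
Connect-MgGraph -Scopes 'RoleManagement.Read.Directory'

# Assumption: BitLocker key actions live under this directory namespace
# (for example microsoft.directory/bitlockerKeys/key/read).
$pattern = 'microsoft.directory/bitlockerKeys/*'

$report = foreach ($role in Get-MgRoleManagementDirectoryRoleDefinition -All) {
    # Collect the matching actions from every permission block of the role.
    $hits = @($role.RolePermissions.AllowedResourceActions |
        Where-Object { $_ -like $pattern } |
        Sort-Object -Unique)
    if ($hits.Count -eq 0) { continue }

    # Active assignments only; PIM-eligible assignments are not returned here.
    $assignments = @(Get-MgRoleManagementDirectoryRoleAssignment -All `
        -Filter "roleDefinitionId eq '$($role.Id)'")

    [pscustomobject]@{
        Role        = $role.DisplayName
        BuiltIn     = $role.IsBuiltIn
        Actions     = $hits -join ', '
        Assignments = $assignments.Count
    }
}

$report | Sort-Object Role | Format-Table -AutoSize -Wrap
```

Roles that show a key-read action and a high assignment count are the ones to review first when narrowing who can retrieve recovery keys.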