Forum Discussion
What admin role grants permission to view devices' BitLocker recovery keys?
Ken Rappold Have you ever found a solution for that?
I'm also trying to give our service desk guys the ability to retrieve BitLocker keys out of Intune (Endpoint Manager), but giving almost all "Read" rights with a custom role, they still get an error as soon as they click on "Recovery keys".
ReneZimmermann - Not thus far and haven't escalated this more than what you see in these posts. I may escalate when/if time allows.
- Thijs Lecomte | Feb 01, 2021 | Bronze Contributor
BitLocker keys are not a part of Intune, but of AAD. So you need an AAD role for them to see the keys. Helpdesk admin is one of the ways to do it.
- Ken Rappold | Feb 02, 2021 | Brass Contributor
Thijs Lecomte - Agree, but the documentation states "... you can view and manage BitLocker recovery keys when you view the encryption report. ..."
My input here is the data in the report should be made available via an RBAC permission. At a minimum, the Help Desk Role should be able to view the report and BitLocker recovery keys within.
- Thijs Lecomte | Feb 03, 2021 | Bronze Contributor
I agree, it's a pain 😕