Forum Discussion
Steve Whitcher
Aug 13, 2020, Bronze Contributor
What admin role grants permission to view devices' BitLocker recovery keys?
Which of the standard admin roles is required to view BitLocker recovery keys for a device in Intune?
Ken Rappold
Jan 27, 2021, Brass Contributor
ReneZimmermann - Not thus far and haven't escalated this more than what you see in these posts. I may escalate when/if time allows.
Thijs Lecomte
Feb 01, 2021, Bronze Contributor
BitLocker keys are not a part of Intune, but of AAD. So you need an AAD role for them to see the keys. Helpdesk admin is one of the ways to do it.
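An added example (not part of the thread and not Microsoft's code) that shows the point above in practice: the recovery keys are read from Azure AD through Microsoft Graph, so the call succeeds or fails on the signed-in account's directory role, not on any Intune RBAC role. It assumes the Microsoft Graph PowerShell SDK (module Microsoft.Graph.Identity.SignIns) is installed, and the device ID is a placeholder.

```powershell
# Added example, not from the original thread. Assumes the Microsoft Graph PowerShell SDK
# is installed; $deviceId is a hypothetical Azure AD device object ID.
Connect-MgGraph -Scopes "BitLockerKey.Read.All"

$deviceId = "00000000-0000-0000-0000-000000000000"   # placeholder device object ID

# Step 1: list key metadata for the device (key ID, volume type, creation time).
# This returns no key material and needs only the basic read permission.
$keys = Get-MgInformationProtectionBitlockerRecoveryKey -Filter "deviceId eq '$deviceId'"

if (-not $keys) {
    Write-Warning "No BitLocker recovery keys are escrowed in Azure AD for device $deviceId"
}

# Step 2: fetch the key itself. This is the call that is role-gated and audited;
# an account without a permitted directory role gets a Forbidden response here.
foreach ($k in $keys) {
    try {
        $full = Get-MgInformationProtectionBitlockerRecoveryKey -BitlockerRecoveryKeyId $k.Id -Property "key"
        "{0}  {1}  {2}" -f $k.Id, $k.VolumeType, $full.Key
    }
    catch {
        Write-Warning ("Key {0} could not be read: {1}" -f $k.Id, $_.Exception.Message)
    }
}
```

Running step 2 as a user who holds only an Intune RBAC role (no directory role) reproduces the behaviour the thread complains about: the metadata list may return, but the key read is refused.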
- Ken Rappold
Feb 02, 2021, Brass Contributor
Thijs Lecomte - Agree, but https://docs.microsoft.com/en-us/mem/intune/protect/encrypt-devices states "... you can view and manage BitLocker recovery keys when you view the encryption report. ..."
My input here is that the data in the report should be made available via an RBAC permission. At a minimum, the Help Desk role should be able to view the report and the BitLocker recovery keys within it.
- Thijs Lecomte
Feb 03, 2021, Bronze Contributor
I agree, it's a pain 😕
- Ken Rappold
Feb 03, 2021, Brass Contributor
Thijs Lecomte, and overpermissioned when all we need is for L1 to access BitLocker keys for users.