Steve Whitcher
Aug 13, 2020 Bronze Contributor
What admin role grants permission to view devices' BitLocker recovery keys?
Which of the standard admin roles is required to view BitLocker recovery keys for a device in Intune?
nathank99
Dec 15, 2021 Copper Contributor
I see this hasn't been updated in a while. Has anyone found a better way to get L1 access to keys without having to assign cloud device admin role?
- Ken Rappold Dec 15, 2021 Brass Contributor
nathank99 The only change of which I am aware is a private preview feature to provide RBAC for BitLocker keys in Endpoint Manager.
- Ken Rappold Apr 11, 2022 Brass Contributor
If anyone is still following this thread:
It is Public Preview, but appears to be a proper solution.
- Joshua Bines Apr 11, 2022 Iron Contributor
Yes indeed, we have been looking at this. It's important to be aware of the license requirements.
https://docs.microsoft.com/en-gb/azure/active-directory/roles/admin-units-members-dynamic
- Joshua Bines Dec 15, 2021 Iron Contributor
I've found the best way is for L1 to help the owner of the device access the recovery key and provide it to support. The users typically have access to the key but just need some handholding. The trouble is if the device is registered to another user or if they don't have access to another phone/computer, but that is typically rare.