I would like to export all Bitlocker recovery keys stored in Azure AD on a daily basis in an automated way via PowerShell cmdlet https://learn.microsoft.com/en-us/powershell/module/microsoft.graph.identity.signins/get-mginformationprotectionbitlockerrecoverykey?view=graph-powershell-1.0 which uses the Graph endpoint https://learn.microsoft.com/en-us/graph/api/bitlockerrecoverykey-get?view=graph-rest-1.0. Currently this endpoint only supports the permission type "Delegated (work or school account)" which basically requires a service user on my end to authenticate against the Azure AD app registration in my script.
As certificate-based-authentication is strongly recommended in scripting scenarios I would like to ask you to enable the permission type "Application" for this endpoint.
Thanks and kind regards,
Dominik
1 Comment
I totally agree with this. I have exactly the same problem in my environment.
