Sep 12 2018
01:14 AM
- last edited on
Jan 14 2022
05:22 PM
by
TechCommunityAP
Sep 12 2018
01:14 AM
- last edited on
Jan 14 2022
05:22 PM
by
TechCommunityAP
Escrowing BitLocker recovery keys to Azure AD is great functionality but I have been asked to find an audit trail when a user or administrator accesses the recovery keys. The IT Security function at an organization that I am working with is concerned that a malicious insider could misuse the recovery keys to decrypt drives. They want to track when a Recovery Key is viewed in Azure AD.
I conducted some experiments with administrator and end user accounts but I did not see any audit log entries in the Azure AD audit log.
Are audit log entries created for BitLocker Recovery Key escrow and where would I find the audit logs?