Microsoft's MBAM solution (Bitlocker Administration and Monitoring) is being retired. As a result we're moving our Bitlocker administration to Azure.
In trying to emulate MBAM functionality, specifically the self-service portal where recovery keys can be searched for by recovery key IDs. I have got this working using the Powershell SDK and the Get-MgInformationProtectionBitlockerRecoveryKey cmdlet (seriously could this be any longer?), but there's one piece of the MBAM functionality I can't seem to replicate.
MBAM allows for searching by partial recovery IDs (they require just 8 characters), which is nice because who wants to type a full 32 character GUID?
Anyway, it appears the Graph API does not support use of the $filter ODATA syntax, at least for the KeyID field. Attempts to use various filters fails. The MS Graph documentation for this API suggests only the DeviceID supports the $filter option. As such I'm limited to search by the ENTIRE recovery key ID.
I am requesting this API to be enhanced to support the various ODATA filter String Functions, such as startswith(), endswith(), and substringof(), and for all relevant properties.
Graph documentation regarding obtaining bitlocker keys: https://docs.microsoft.com/en-us/graph/api/bitlocker-list-recoverykeys?view=graph-rest-1.0&tabs=http