Microsoft's MBAM solution (Bitlocker Administration and Monitoring) is being retired. As a result we're moving our Bitlocker administration to Azure.
In trying to emulate MBAM functionality, specifically the self-service portal where recovery keys can be searched for by recovery key IDs. I have got this working using the Powershell SDK and the Get-MgInformationProtectionBitlockerRecoveryKey cmdlet (seriously could this be any longer?), but there's one piece of the MBAM functionality I can't seem to replicate.
MBAM allows for searching by partial recovery IDs (they require just 8 characters), which is nice because who wants to type a full 32 character GUID?
Anyway, it appears the Graph API does not support use of the $filter ODATA syntax, at least for the KeyID field. Attempts to use various filters fails. The MS Graph documentation for this API suggests only the DeviceID supports the $filter option. As such I'm limited to search by the ENTIRE recovery key ID.
I am requesting this API to be enhanced to support the various ODATA filter String Functions, such as startswith(), endswith(), and substringof(), and for all relevant properties.
ODATA reference: https://www.odata.org/documentation/odata-version-3-0/odata-version-3-0-core-protocol/#queryingcollections
Graph documentation regarding obtaining bitlocker keys: https://docs.microsoft.com/en-us/graph/api/bitlocker-list-recoverykeys?view=graph-rest-1.0&tabs=http