Tech Community Live: Endpoint Manager edition
Jul 21 2022, 08:00 AM - 12:00 PM (PDT)
SOLVED

BitLokcer Recovery key for L1 support

%3CLINGO-SUB%20id%3D%22lingo-sub-3273422%22%20slang%3D%22en-US%22%3EBitLokcer%20Recovery%20key%20for%20L1%20support%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3273422%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20was%20plaining%20to%20grant%20L1%20support%20access%20for%20BitLocker%20recovery%20keys%2C%20any%20help%20with%20how%20I%20can%20implement%20this%20solution.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMany%20Thanks.%3C%2FP%3E%3CP%3EMohammad%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-3273422%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EBitLocker%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3273491%22%20slang%3D%22en-US%22%3ERe%3A%20BitLokcer%20Recovery%20key%20for%20L1%20support%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3273491%22%20slang%3D%22en-US%22%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-active-directory-identity%2Fazure-ad-rbac-custom-roles-amp-administrative-units-for-devices%2Fba-p%2F3185209%22%20target%3D%22_blank%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fazure-active-directory-identity%2Fazure-ad-rbac-custom-roles-amp-administrative-units-for-devices%2Fba-p%2F3185209%3C%2FA%3E%20Just%20available%20now%20%3A)%3C%2Fimg%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3273477%22%20slang%3D%22en-US%22%3ERe%3A%20BitLokcer%20Recovery%20key%20for%20L1%20support%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3273477%22%20slang%3D%22en-US%22%3EHello%2C%3CBR%20%2F%3E%3CBR%20%2F%3EWhat%20I'm%20plaining%20to%20do%20is%20to%20create%20an%20Administrative%20unit%20for%20each%20entity%20we%20have%20in%20the%20company%20and%20include%20the%20devices%20that%20belong%20to%20this%20entity%20by%20a%20dynamic%20rule%20then%20add%20a%20helpdesk%20admin%20to%20this%20AU%2C%20do%20u%20think%20this%20solution%20is%20going%20to%20work%3F%3CBR%20%2F%3E%3CBR%20%2F%3EStill%20testing%20this.%3CBR%20%2F%3EMany%20thanks%20%3A)%3C%2Fimg%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-3273446%22%20slang%3D%22en-US%22%3ERe%3A%20BitLokcer%20Recovery%20key%20for%20L1%20support%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-3273446%22%20slang%3D%22en-US%22%3EThese%20Roles%20can%20view%20the%20keys%3A%3CBR%20%2F%3E%3CBR%20%2F%3EGlobal%20admins%3CBR%20%2F%3EIntune%20Service%20Administrators%3CBR%20%2F%3ESecurity%20Administrators%3CBR%20%2F%3ESecurity%20Readers%3CBR%20%2F%3EHelpdesk%20Admins%3CBR%20%2F%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-intune%2Fwhat-admin-role-grans-permission-to-view-devices-bitlocker%2Fm-p%2F1587597%22%20target%3D%22_blank%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fmicrosoft-intune%2Fwhat-admin-role-grans-permission-to-view-devices-bitlocker%2Fm-p%2F1587597%3C%2FA%3E%3C%2FLINGO-BODY%3E
New Contributor

Hello, 

 

I was plaining to grant L1 support access for BitLocker recovery keys, any help with how I can implement this solution.

 

Many Thanks.

Mohammad

3 Replies
These Roles can view the keys:

Global admins
Intune Service Administrators
Security Administrators
Security Readers
Helpdesk Admins

https://techcommunity.microsoft.com/t5/microsoft-intune/what-admin-role-grans-permission-to-view-dev...
Hello,

What I'm plaining to do is to create an Administrative unit for each entity we have in the company and include the devices that belong to this entity by a dynamic rule then add a helpdesk admin to this AU, do u think this solution is going to work?

Still testing this.
Many thanks :)
best response confirmed by Mohammad_Elayyan (New Contributor)