Aug 13 2020 11:58 AM
Which of the standard admin roles is required to view BitLocker recovery keys for a device in Intune?
Aug 13 2020 08:16 PM - edited Aug 13 2020 08:25 PM
Hi Steve,
One of those should do it!
Global admins
Intune Service Administrators
Security Administrators
Security Readers
Helpdesk Admins
Hope this helps!
Moe
Nov 05 2020 02:10 PM
Interesting that we have to use excessive permissions from AAD to allow access to BitLocker recovery keys. I don't think L1 needs to reset passwords, when they only need to relay the key to a user when needed. However, Helpdesk admin AAD role is the best we can do ATTM it appears.
In addition, the documentation
Jan 27 2021 01:06 AM
@Ken Rappold Have you ever found a solution for that?
I'm also trying to give our service desk guys the ability to retrieve BitLocker keys out of Intune (Endpoint Manager), but giving almost all "Read" rights with a custom role, they still get an error as soon as they click on "Recovery keys".
Jan 27 2021 05:58 AM
@ReneZimmermann - Not thus far and haven't escalated this more than what you see in these posts. I may escalate when/if time allows.
Feb 02 2021 05:26 AM
@Thijs Lecomte - Agree, but the documentation states "... you can view and manage BitLocker recovery keys when you view the encryption report. ..."
My input here is the data in the report should be made available via an RBAC permission. At a minimum, the Help Desk Role should be able to view the report and BitLocker recovery keys within.
Feb 03 2021 11:24 AM
@Thijs Lecomte and overpermissioned when all we need is L1 to access BitLocker keys for users.
May 24 2021 06:56 AM
@Rudy_Ooms_MVP - Interesting. Thank you for sharing.
Dec 15 2021 07:29 AM
@nathank99 The only change of which I am aware is a private preview feature to provide RBAC for BitLocker keys in Endpoint Manager.