cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

What admin role grans permission to view devices' bitlocker recovery keys?

%3CLINGO-SUB%20id%3D%22lingo-sub-1587597%22%20slang%3D%22en-US%22%3EWhat%20admin%20role%20grans%20permission%20to%20view%20devices'%20bitlocker%20recovery%20keys%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1587597%22%20slang%3D%22en-US%22%3E%3CP%3EWhich%20of%20the%20standard%20admin%20roles%20is%20required%20to%20view%20bitlocker%20recovery%20keys%20for%20a%20device%20in%20intune%3F%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1587597%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1588289%22%20slang%3D%22en-US%22%3ERe%3A%20What%20admin%20role%20grans%20permission%20to%20view%20devices'%20bitlocker%20recovery%20keys%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1588289%22%20slang%3D%22en-US%22%3EHi%20Steve%2C%3CBR%20%2F%3E%3CBR%20%2F%3EOne%20of%20those%20should%20do%20it!%3CBR%20%2F%3E%3CBR%20%2F%3EGlobal%20admins%3CBR%20%2F%3EIntune%20Service%20Administrators%3CBR%20%2F%3ESecurity%20Administrators%3CBR%20%2F%3ESecurity%20Readers%3CBR%20%2F%3EHelpdesk%20Admins%3CBR%20%2F%3E%3CBR%20%2F%3EHope%20this%20helps!%3CBR%20%2F%3EMoe%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1588284%22%20slang%3D%22en-US%22%3ERe%3A%20What%20admin%20role%20grans%20permission%20to%20view%20devices'%20bitlocker%20recovery%20keys%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1588284%22%20slang%3D%22en-US%22%3E%3CP%3EHi%20Steve%2C%3CBR%20%2F%3E%3CBR%20%2F%3E%3CSPAN%3EOne%20of%20those%20should%20do%20it!%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%3CBR%20%2F%3EGlobal%20admins%3CBR%20%2F%3EIntune%20Service%20Administrators%3CBR%20%2F%3ESecurity%20Administrators%3CBR%20%2F%3ESecurity%20Readers%3CBR%20%2F%3EHelpdesk%20Admins%3CBR%20%2F%3E%3CBR%20%2F%3EHope%20this%20helps!%3CBR%20%2F%3EMoe%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1592876%22%20slang%3D%22en-US%22%3ERe%3A%20What%20admin%20role%20grans%20permission%20to%20view%20devices'%20bitlocker%20recovery%20keys%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1592876%22%20slang%3D%22en-US%22%3EThanks%20Moe.%20I%20didn't%20realize%20at%20first%20that%20access%20to%20the%20keys%20in%20Intune%20was%20controlled%20by%20the%20AAD%20administrator%20roles%2C%20I%20was%20expecting%20it%20to%20be%20part%20of%20one%20of%20the%20Intune%20roles.%3CBR%20%2F%3E%3CBR%20%2F%3EFWIW%2C%20the%20Security%20Reades%20and%20Helpdesk%20Administrator%20roles%20do%20not%20appear%20to%20have%20access%20to%20the%20recovery%20keys%2C%20based%20on%20the%20permissions%20listed%20in%20the%20role%20description.%20The%20Cloud%20Device%20Administrator%20role%20does%20grant%20the%20appropriate%20permission.%3CBR%20%2F%3E%3CBR%20%2F%3EHopefully%20once%20the%20Custom%20Roles%20permission%20is%20expanded%20to%20support%20more%20permissions%2C%20I'll%20be%20able%20to%20grant%20only%20the%20permission%20to%20read%20the%20bitlocker%20keys%20without%20everything%20else%20that%20goes%20with%20Cloud%20Device%20Administrator.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1593728%22%20slang%3D%22en-US%22%3ERe%3A%20What%20admin%20role%20grans%20permission%20to%20view%20devices'%20bitlocker%20recovery%20keys%3F%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1593728%22%20slang%3D%22en-US%22%3EYou%20can%20already%20give%20a%20administrator%20view%20permissions%20on%20'devices'%20within%20Intune.%20I%20suppose%20this%20should%20solve%20your%20issue%20as%20well.%3CBR%20%2F%3EThis%20is%20available%20here%20-%20%3CA%20href%3D%22https%3A%2F%2Fendpoint.microsoft.com%2F%23blade%2FMicrosoft_Intune_DeviceSettings%2FRolesLandingMenuBlade%2Foverview%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fendpoint.microsoft.com%2F%23blade%2FMicrosoft_Intune_DeviceSettings%2FRolesLandingMenuBlade%2Foverview%3C%2FA%3E%3C%2FLINGO-BODY%3E
Highlighted
Steve Whitcher
Regular Contributor

‎08-13-2020 11:58 AM

‎08-13-2020 11:58 AM

What admin role grans permission to view devices' bitlocker recovery keys?

Which of the standard admin roles is required to view bitlocker recovery keys for a device in intune?  

 

 

Labels:
217 Views
0 Likes
4 Replies
Reply
4 Replies
Highlighted
Moe_Kinani

‎08-13-2020 08:16 PM - edited ‎08-13-2020 08:25 PM

‎08-13-2020 08:16 PM - edited ‎08-13-2020 08:25 PM

Re: What admin role grans permission to view devices' bitlocker recovery keys?

Hi Steve,

One of those should do it!


Global admins
Intune Service Administrators
Security Administrators
Security Readers
Helpdesk Admins

Hope this helps!
Moe

0 Likes
Reply
Highlighted
Moe_Kinani

‎08-13-2020 08:21 PM

‎08-13-2020 08:21 PM

Re: What admin role grans permission to view devices' bitlocker recovery keys?

Hi Steve,

One of those should do it!

Global admins
Intune Service Administrators
Security Administrators
Security Readers
Helpdesk Admins

Hope this helps!
Moe
1 Like
Reply
Highlighted
Steve Whitcher

‎08-17-2020 06:09 AM

‎08-17-2020 06:09 AM

Re: What admin role grans permission to view devices' bitlocker recovery keys?

Thanks Moe. I didn't realize at first that access to the keys in Intune was controlled by the AAD administrator roles, I was expecting it to be part of one of the Intune roles.

FWIW, the Security Reades and Helpdesk Administrator roles do not appear to have access to the recovery keys, based on the permissions listed in the role description. The Cloud Device Administrator role does grant the appropriate permission.

Hopefully once the Custom Roles permission is expanded to support more permissions, I'll be able to grant only the permission to read the bitlocker keys without everything else that goes with Cloud Device Administrator.
1 Like
Reply
Highlighted
Thijs Lecomte

‎08-17-2020 10:25 AM

‎08-17-2020 10:25 AM

Re: What admin role grans permission to view devices' bitlocker recovery keys?

You can already give a administrator view permissions on 'devices' within Intune. I suppose this should solve your issue as well.
This is available here - https://endpoint.microsoft.com/#blade/Microsoft_Intune_DeviceSettings/RolesLandingMenuBlade/overview
0 Likes
Reply