Windows BitLocker recovery key generator
Managing BitLocker recovery keys has become much easier and more end user friendly if one uses either Microsoft accounts or Azure AD accounts to manage them.
You can save the recovery key to a file, print it out and, best of all, automatically save it to a cloud domain account. Once the recovery key is backed up, you can recover the BitLockered device should something occur to the drive. If you’ve ever added a Microsoft account to a Surface device and then run into a recovery problem, you know that a Surface device automatically backs up the BitLocker recovery key to the Microsoft account.
BitLocker recovery keys can be found and accessed several ways. If the system logs in with a Microsoft account, look for the BitLocker recovery keys under the device information. Log into your Microsoft support account using another device. You will see the BitLocker recovery key listed. (Image: Susan Bradley)
If you needed to provide the recovery key for the drive during the boot process, log in using a different device, log into the devices recovery key website listed with your Microsoft account credentials, copy the recovery key, and enter the key into the BitLocker recovery window process.
If the device is hooked to Azure AD, find the BitLocker recovery key in the device information linked in your Azure AD section. If you don’t have access to Azure AD, you can use on-premises Active Directory to manage your BitLocker recovery keys. As long as you have Server 2012 or higher, the ability to manage BitLocker recovery keys is enabled by default. To view the recovery keys, enable the BitLocker Drive Encryption Administration utility. Earlier versions of Active Directory schema need additional configuration.
It’s key in this era of mobile data to ensure devices are encrypted. BitLocker is just one tool of many to keep data safe. Should the laptop be stolen, if an attacker attempts to reset the password or remove the hard drive to read the information on the drive, BitLocker ensures that an attacker cannot read the information on the encrypted disk.
When a system has been joined with Azure AD, even if the BitLocker encryption process is self-managed, the user will be prompted to save the BitLocker credentials at the beginning of the encryption process.
Management of BitLocker recovery keys often concerns large organizations, especially the ability to store them safely. The report gives you an overview of the computers that have encryption enabled, the operating system, the operating system version, the TPM version, encryption readiness, the status of the encryption and the user principal name assigned to the system.
Using PowerShell to find BitLocker-enabled devices
The manage-bde -status c: command indicates whether BitLocker is enabled on the device. If the device does not have BitLocker, it will indicate the drive is fully decrypted. If you need to determine if BitLocker is enabled remotely, add the name of the computer to the command: manage-bde -status -computername **computername**
Finding multiple BitLocker-enabled devices
What if you want to review more than one computer at a time? Use Azure AD or Intune to review the status. For devices registered with Intune, use the Intune Encryption report to determine the status. Sign in to the Intune portal and go to “Device Configuration”, and then under “Monitor” select “Encryption report”.
In the meantime, what can you do to inventory your network to determine which devices have BitLocker? Plenty. Microsoft recently announced that it will add advanced management tools to track and manage BitLocker in the coming months to SCCM and Intune. BitLocker is designed to be silent, so much so that you might forget which machines have it enabled and which ones do not. When you patch, BitLocker is normally silent and doesn’t interfere in the patching process. It reminded me that we often forget which devices have BitLocker.
A recent Microsoft Support knowledgebase article and servicing stack update for Windows operating systems offers a fix for a race condition issue introduced by a secure boot feature update, which caused patching to trigger a BitLocker recovery password.