operations guide

Paolo Matarazzo
2023-10-18 11:49:23 -04:00
parent cb100c150c
commit 750f92b8a5

@ -4,7 +4,7 @@ description: Learn how to use different tools to manage and operate BitLocker.
ms.collection:
- tier1
ms.topic: how-to
ms.date: 07/25/2023
ms.date: 10/18/2023
---
# BitLocker operations guide
@ -521,19 +521,23 @@ Obtain the ID of the new recovery password:
(Get-BitLockerVolume -mountpoint $env:SystemDrive).KeyProtector | where-object {$_.KeyProtectorType -eq 'RecoveryPassword'} | ft KeyProtectorId,RecoveryPassword
```
> [!NOTE]
>This next steps are not required if the policy setting [Choose how BitLocker-protected operating system drives can be recovered](configure.md?tabs=os#choose-how-bitlocker-protected-operating-system-drives-can-be-recovered) is configured to **Require BitLocker backup to AD DS**.
Copy the ID of the recovery password from the output.
Backup the BitLocker recovery password to Microsoft Entra ID.
> [!NOTE]
>This step is not required if the policy setting [Choose how BitLocker-protected operating system drives can be recovered](configure.md?tabs=os#choose-how-bitlocker-protected-operating-system-drives-can-be-recovered) is configured to **Require BitLocker backup to AD DS**.
Using the GUID from the previous step, replace the `{ID}` in the following command:
Using the GUID from the previous step, replace the `{ID}` in the following command and use the following command to backup the recovery password to Microsoft Entra ID:
```PowerShell
BackuptoAAD-BitLockerKeyProtector -MountPoint $env:SystemDrive -KeyProtectorId "{ID}"
```
Or use the following command to backup the recovery password to Active Directory:
```PowerShell
Backup-BitLockerKeyProtector -MountPoint $env:SystemDrive -KeyProtectorId "{ID}"
```
> [!NOTE]
> The braces `{}` must be included in the ID string.
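Review bot: The relocated note reads "This next steps are not required", which is ungrammatical; "The following steps are not required" would fix it and match the intent of the manage-bde.exe section later in this patch. The instruction "replace the `{ID}` in the following command and use the following command to backup the recovery password" repeats itself and uses "backup" as a verb; suggest "Using the GUID from the previous step, replace `{ID}` in the following command to back up the recovery password to Microsoft Entra ID:". The same "back up" fix applies to the "Or use the following command to backup the recovery password to Active Directory:" line.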
@ -557,14 +561,16 @@ Obtain the ID of the new recovery password:
manage-bde.exe -protectors -get C: -Type RecoveryPassword
```
Copy the ID of the recovery password from the output.
Backup the BitLocker recovery password to Microsoft Entra ID.
> [!NOTE]
>This step is not required if the policy setting [Choose how BitLocker-protected operating system drives can be recovered](configure.md?tabs=os#choose-how-bitlocker-protected-operating-system-drives-can-be-recovered) is configured to **Require BitLocker backup to AD DS**.
>This following steps are not required if the policy setting [Choose how BitLocker-protected operating system drives can be recovered](configure.md?tabs=os#choose-how-bitlocker-protected-operating-system-drives-can-be-recovered) is configured to **Require BitLocker backup to AD DS**.
Using the GUID from the previous step, replace the `{ID}` in the following command:
Using the GUID from the previous step, replace the `{ID}` in the following command and use the following command to backup the recovery password to Microsoft Entra ID:
```cmd
manage-bde.exe -protectors -aadbackup C: -id {ID}
```
Or use the following command to backup the recovery password to Active Directory:
```cmd
manage-bde.exe -protectors -adbackup C: -id {ID}
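Review bot: The note in this section says "This following steps are not required" while the PowerShell section says "This next steps are not required"; both are ungrammatical and they differ from each other, so pick one wording such as "The following steps are not required if ..." and use it in both places. The two commands are joined only by "Or use the following command", with nothing saying when `-aadbackup` applies and when `-adbackup` does; consider stating which one is for Microsoft Entra joined devices and which is for Active Directory joined devices, so the reader does not have to guess.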
@ -618,4 +624,3 @@ BitLocker decryption using the Control Panel is done using a wizard. After openi
Once decryption is complete, the drive updates its status in the Control Panel and becomes available for encryption.
---