diff --git a/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-recovery-guide-plan.md b/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-recovery-guide-plan.md
index 433cd7e9a0..90b2910573 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-recovery-guide-plan.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-recovery-guide-plan.md
@@ -518,4 +518,53 @@ Export a new key package from an unlocked, BitLocker-protected volume. Local adm
 strRecoveryPassword = objFveInfo.Get("msFVE-RecoveryPassword")
 strKeyPackage = objFveInfo.Get("msFVE-KeyPackage")
---> 
\ No newline at end of file
+--> 
+
+### Example: retrieve Bitlocker recovery keys for a Microsoft Entra joined device
+
+``` PowerShell
+function Get-EntraBitLockerKeys{
+ [CmdletBinding()]
+ param (
+ [Parameter(Mandatory = $true, HelpMessage = "Device name to retrieve the BitLocker keys from Microsoft Entra ID")]
+ [string]$DeviceName
+ )
+ $DeviceID = (Get-MGDevice -filter "displayName eq '$DeviceName'").DeviceId
+ if ($DeviceID){
+ $KeyIds = (Get-MgInformationProtectionBitlockerRecoveryKey -Filter "deviceId eq '$DeviceId'").Id
+ if ($keyIds) {
+ Write-Host -ForegroundColor Yellow "Device name: $devicename"
+ foreach ($keyId in $keyIds) {
+ $recoveryKey = (Get-MgInformationProtectionBitlockerRecoveryKey -BitlockerRecoveryKeyId $keyId -Select "key").key
+ Write-Host -ForegroundColor White " Key id: $keyid"
+ Write-Host -ForegroundColor Cyan " BitLocker recovery key: $recoveryKey"
+ }
+ } else {
+ Write-Host -ForegroundColor Red "No BitLocker recovery keys found for device $DeviceName"
+ }
+ } else {
+ Write-Host -ForegroundColor Red "Device $DeviceName not found"
+ }
+}
+
+Install-Module Microsoft.Graph.Identity.SignIns -Scope CurrentUser -Force
+Import-Module Microsoft.Graph.Identity.SignIns
+Connect-MgGraph -Scopes 'BitlockerKey.Read.All' -NoWelcome
+```
+
+### Output example
+
+``` PowerShell
+PS C:\> Get-EntraBitLockerKeys -DeviceName DESKTOP-53O32QI
+Device name: DESKTOP-53O32QI
+ Key id: 4290b6c0-b17a-497a-8552-272cc30e80d4
+ BitLocker recovery key: 496298-461032-321464-595518-463221-173943-033616-139579
+ Key id: 045219ec-a53b-41ae-b310-08ec883aaedd
+ BitLocker recovery key: 158422-038236-492536-574783-256300-205084-114356-069773
+ Key id: 69622eba-9068-449d-bc94-53e375cf5d58
+ BitLocker recovery key: 117612-564564-392623-622424-499697-461120-039083-522236
+ Key id: 96723a5a-1cf7-4fd6-8142-1c6603195aec
+ BitLocker recovery key: 230428-214104-446864-180785-025949-078650-715165-409893
+ Key id: 6a7e153f-d5e9-4547-96d6-174ff0d0bdb4
+ BitLocker recovery key: 241846-437393-298925-499389-123255-123640-709808-330682
+```
\ No newline at end of file
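Review bot: The sample's `Connect-MgGraph -Scopes 'BitlockerKey.Read.All' -NoWelcome` line requests only the key-read permission, yet the function's first call is `Get-MGDevice`, which as far as I recall needs a directory read scope such as `Device.Read.All` and lives in the Microsoft.Graph.Identity.DirectoryManagement module rather than the Identity.SignIns module the sample installs; as written the device lookup will fail on a fresh session and every device will be reported as "not found", so I would change the line to `Connect-MgGraph -Scopes 'BitlockerKey.Read.All','Device.Read.All' -NoWelcome` and install/import both modules. The doc should also warn that `-Select "key"` retrieves the actual recovery password, that each such read is recorded in the Entra ID audit log, and that the value is then written in clear to the console (and to any running transcript), so readers should fetch only the key they need and treat the output as a secret rather than dumping all keys for a device. Minor: `$DeviceName` is interpolated unescaped into the OData `-filter` string, so a name containing a single quote breaks the query; doubling `'` (`$DeviceName.Replace("'", "''")`) avoids that.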