deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-16 10:53:43 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

sample PS

Browse Source
This commit is contained in:
Paolo Matarazzo
2023-10-02 14:25:40 -04:00
parent eb02fd55f7
commit 7e6cea1ca0
1 changed files with 50 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

51
windows/security/operating-system-security/data-protection/bitlocker/bitlocker-recovery-guide-plan.md
View File

@ -518,4 +518,53 @@ Export a new key package from an unlocked, BitLocker-protected volume. Local adm
strRecoveryPassword = objFveInfo.Get("msFVE-RecoveryPassword") strRecoveryPassword = objFveInfo.Get("msFVE-RecoveryPassword")
strKeyPackage = objFveInfo.Get("msFVE-KeyPackage") strKeyPackage = objFveInfo.Get("msFVE-KeyPackage")
--> -->
### Example: retrieve Bitlocker recovery keys for a Microsoft Entra joined device
``` PowerShell
function Get-EntraBitLockerKeys{
[CmdletBinding()]
param (
[Parameter(Mandatory = $true, HelpMessage = "Device name to retrieve the BitLocker keys from Microsoft Entra ID")]
[string]$DeviceName
)
$DeviceID = (Get-MGDevice -filter "displayName eq '$DeviceName'").DeviceId
if ($DeviceID){
$KeyIds = (Get-MgInformationProtectionBitlockerRecoveryKey -Filter "deviceId eq '$DeviceId'").Id
if ($keyIds) {
Write-Host -ForegroundColor Yellow "Device name: $devicename"
foreach ($keyId in $keyIds) {
$recoveryKey = (Get-MgInformationProtectionBitlockerRecoveryKey -BitlockerRecoveryKeyId $keyId -Select "key").key
Write-Host -ForegroundColor White " Key id: $keyid"
Write-Host -ForegroundColor Cyan " BitLocker recovery key: $recoveryKey"
}
} else {
Write-Host -ForegroundColor Red "No BitLocker recovery keys found for device $DeviceName"
}
} else {
Write-Host -ForegroundColor Red "Device $DeviceName not found"
}
}
Install-Module Microsoft.Graph.Identity.SignIns -Scope CurrentUser -Force
Import-Module Microsoft.Graph.Identity.SignIns
Connect-MgGraph -Scopes 'BitlockerKey.Read.All' -NoWelcome
```
### Output example
``` PowerShell
PS C:\> Get-EntraBitLockerKeys -DeviceName DESKTOP-53O32QI
Device name: DESKTOP-53O32QI
Key id: 4290b6c0-b17a-497a-8552-272cc30e80d4
BitLocker recovery key: 496298-461032-321464-595518-463221-173943-033616-139579
Key id: 045219ec-a53b-41ae-b310-08ec883aaedd
BitLocker recovery key: 158422-038236-492536-574783-256300-205084-114356-069773
Key id: 69622eba-9068-449d-bc94-53e375cf5d58
BitLocker recovery key: 117612-564564-392623-622424-499697-461120-039083-522236
Key id: 96723a5a-1cf7-4fd6-8142-1c6603195aec
BitLocker recovery key: 230428-214104-446864-180785-025949-078650-715165-409893
Key id: 6a7e153f-d5e9-4547-96d6-174ff0d0bdb4
BitLocker recovery key: 241846-437393-298925-499389-123255-123640-709808-330682
```