Once the laptop is encrypted, does Hexnode store the Bitlocker Recovery Key information for easy access?
Bitlocker Recovery keysSolved
Tags
Replies (4)
I would really like this feature so it is the same as Mac OS
Hi there,
Hope you are doing well,
I’m afraid we currently do not provide the option to escrow the BitLocker recovery key to the Hexnode portal as this feature is currently hindered by the MDM protocol levied by Microsoft. However, our team is working on developing this feature by bypassing the MDM protocol. We shall raise a feature request on your behalf and keep you in the loop with updates.
With the BitLocker policy that we currently offer, you would be able to prompt the user to encrypt the devices. From the BitLocker policy under Policy > Windows > BitLocker, you would have the option to set the recovery options and have the recovery key saved to your Azure AD. You could make use of this option for the time being.
Here is a detailed help doc with more information regarding this https://www.hexnode.com/mobile-device-management/help/how-to-manage-bitlocker-with-hexnode-mdm/
Stay safe and have a great day!
Cheers!
Jeff Black
Hexnode MDM
Hello,
I would like to add interest to this topic.
If there are restrictions on use with Microsoft, perhaps there is another way, abliet clunky, via scripts.
We could run powershell commands via execute script that could:
1) Export the OS drive recovery key – save usually in txt format
2) allow us to somehow parse the recovery key to a field in Hexnode. Would hexnode allow us to encrypt a field similar to FileVaults? If not, Azure AD (AAD) doesn’t encrypt that field. Only system administrators have access to that security section of AAD, similar to local domain Active Directory Bitlocker Recovery tab.
3) once we have the key store in hexnode – the script could delete the recovery key file saved in step one.
Maybe others have thought about this as well.
Thanks!
Jason Waterman
Lead IT Specialist
Safely You
Hello @jason-waterman,
Thank you so much for your valuable suggestion. We really appreciate it!
We have already picked up the feature to escrow the BitLocker recovery key. We’ll definitely bring this suggestion to our team’s attention so they can add it along with the feature.
In the meanwhile, do check out our latest feature releases and keep the ideas coming!
Regards,
Chloe Edison
Hexnode UEM