Bitlocker Recovery keys (Solved)

Participant
Discussion
3 years ago

Once the laptop is encrypted, does Hexnode store the BitLocker recovery key information for easy access?

Replies (4)

Participant
3 years ago

I would really like this feature so it is the same as Mac OS.

Hexnode Expert
3 years ago

Hi there,

Hope you are doing well,

I’m afraid we currently do not provide the option to escrow the BitLocker recovery key to the Hexnode portal as this feature is currently hindered by the MDM protocol levied by Microsoft. However, our team is working on developing this feature by bypassing the MDM protocol. We shall raise a feature request on your behalf and keep you in the loop with updates.

With the BitLocker policy that we currently offer, you would be able to prompt the user to encrypt the devices. From the BitLocker policy under Policy > Windows > BitLocker, you would have the option to set the recovery options and have the recovery key saved to your Azure AD. You could make use of this option for the time being.

Here is a detailed help doc with more information regarding this: https://www.hexnode.com/mobile-device-management/help/how-to-manage-bitlocker-with-hexnode-mdm/

Stay safe and have a great day!

Cheers!
Jeff Black
Hexnode MDM

Participant
2 years ago

Hello,

I would like to add interest to this topic.

If there are restrictions on use with Microsoft, perhaps there is another way, albeit clunky, via scripts.

We could run PowerShell commands via execute script that could:

1) Export the OS drive recovery key – save usually in txt format

2) Allow us to somehow parse the recovery key to a field in Hexnode. Would Hexnode allow us to encrypt a field similar to FileVault's? If not, Azure AD (AAD) doesn’t encrypt that field. Only system administrators have access to that security section of AAD, similar to the local domain Active Directory BitLocker Recovery tab.

3) Once we have the key stored in Hexnode, the script could delete the recovery key file saved in step one.

Maybe others have thought about this as well.

Thanks!

Jason Waterman

Lead IT Specialist

Safely You
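
An added example, not part of the original posts and not Hexnode's code: a variant of the script idea above that uses the Azure AD escrow mentioned earlier in the thread and keeps the recovery password in memory, so there is no text file to delete afterwards. It assumes the script runs elevated on an Azure AD joined (or hybrid joined) device; writing the key to a Hexnode field is left out because the thread does not describe such a field or API.

```powershell
#Requires -RunAsAdministrator
# Added example: escrow the OS drive's BitLocker recovery password to Azure AD
# without ever writing it to a text file or to the script output.
$ErrorActionPreference = 'Stop'
$mount = $env:SystemDrive

$volume = Get-BitLockerVolume -MountPoint $mount
if ($volume.VolumeStatus -eq 'FullyDecrypted') {
    throw "$mount is not encrypted; nothing to escrow."
}

# A volume can carry several protectors (TPM, PIN, recovery password, ...).
$recovery = @($volume.KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

if ($recovery.Count -eq 0) {
    # No recovery password yet: create one. The cmdlet prints the new password
    # in a warning, so suppress it to keep the key out of logs and transcripts.
    Add-BitLockerKeyProtector -MountPoint $mount -RecoveryPasswordProtector `
        -WarningAction SilentlyContinue | Out-Null
    $recovery = @((Get-BitLockerVolume -MountPoint $mount).KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
}

$since = Get-Date
foreach ($protector in $recovery) {
    # Sends the recovery password to the device object in Azure AD.
    BackupToAAD-BitLockerKeyProtector -MountPoint $mount `
        -KeyProtectorId $protector.KeyProtectorId | Out-Null
}

# Confirm from the BitLocker management log (event 845 = backed up to Azure AD).
$logged = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-BitLocker/BitLocker Management'
    Id        = 845
    StartTime = $since
} -ErrorAction SilentlyContinue

# Report protector IDs only, never the 48-digit password itself.
[pscustomobject]@{
    MountPoint   = $mount
    ProtectorIds = $recovery.KeyProtectorId -join ','
    EscrowLogged = [bool]$logged
}
```

The returned protector IDs can be matched against the key IDs shown on the device's recovery key entry in Azure AD to confirm the right key was escrowed.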

Hexnode Expert
2 years ago

Hello @jason-waterman,

Thank you so much for your valuable suggestion. We really appreciate it!

We have already picked up the feature to escrow the BitLocker recovery key. We’ll definitely bring this suggestion to our team’s attention so they can add it along with the feature.

In the meantime, do check out our latest feature releases and keep the ideas coming!

Regards,
Chloe Edison
Hexnode UEM
