Windows – Intune Bitlocker Recovery

Draft Article

This article is still a draft and the information contained is subject to change and/or may result in inconsistent results.

Intune leverages BitLocker, Microsoft’s Windows encryption utility, to protect its Windows endpoints. All Windows devices enrolled in Intune must be encrypted, including desktops, laptops, and tablets. This is enforced to maintain compliance with UVM security policy and industry best practices.

BitLocker leverages the Trusted Platform Module (TPM) hardware chip to encrypt devices. If a device does not have a TPM, a PIN will be required to encrypt the device. Users with devices that fail to encrypt due to not having a TPM should contact the Tech Team for assistance.

Verify Encryption Status

The easiest method to verify BitLocker status on a Windows device is to look at the status of the C: drive in This PC.

Windows 10

To check in Windows 10:

  1. Open File Explorer
  2. Click on This PC in the left-hand navigation
  3. Select the C: Drive
  4. Click on the View tab in the ribbon and then click on Details pane
  5. You will see the BitLocker status on the right side (off in this example)

Windows 11

To check in Windows 11:

  1. Open File Explorer
  2. Click on This PC in the left-hand navigation
  3. Select the C: Drive and then click the Details button in the top right.
  4. You will see the BitLocker status on the right side (on in this example)
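
For a scripted check that also reports TPM state and which key protectors are on the volume, the following is an added example and not part of the original article. It assumes the OS volume is C: and that it is run from an elevated (Run as administrator) PowerShell session. It lists protector types only and never prints the recovery password itself.

```powershell
#Requires -RunAsAdministrator
# Added example: report BitLocker and TPM state for the OS volume.

$mount = 'C:'   # assumption: the OS volume is C:, as in the steps above

# TPM presence/readiness and BitLocker state for the volume
$tpm = Get-Tpm
$vol = Get-BitLockerVolume -MountPoint $mount

# Collect protector types only (Tpm, TpmPin, RecoveryPassword, ...).
# The RecoveryPassword value itself is deliberately not read or displayed.
$protectorTypes = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

$report = [pscustomobject]@{
    MountPoint          = $vol.MountPoint
    VolumeStatus        = $vol.VolumeStatus
    ProtectionStatus    = $vol.ProtectionStatus
    EncryptionPercent   = $vol.EncryptionPercentage
    EncryptionMethod    = $vol.EncryptionMethod
    TpmPresent          = $tpm.TpmPresent
    TpmReady            = $tpm.TpmReady
    KeyProtectors       = ($protectorTypes -join ', ')
    HasRecoveryPassword = ($protectorTypes -contains 'RecoveryPassword')
}
$report | Format-List

# Flag the states that need follow-up
if ($vol.VolumeStatus -ne 'FullyEncrypted' -or $vol.ProtectionStatus -ne 'On') {
    Write-Warning "$mount is not fully encrypted with protection on."
}
if (-not $tpm.TpmPresent) {
    Write-Warning 'No TPM detected on this device.'
}
if (-not $report.HasRecoveryPassword) {
    Write-Warning 'No recovery password protector found, so there is no recovery key to retrieve for this volume.'
}
```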

Key Recovery

If something goes wrong with the computer, BitLocker may prompt for a recovery key in order to unlock the drive prior to the computer booting into Windows. If this happens, users can either reach out to the Tech Team to request a recovery key, or go through self-service recovery to get a key for computers assigned to them.

Self-Service Recovery

Microsoft provides a self-service recovery method for users needing a BitLocker recovery key. This key is needed if the drive cannot automatically decrypt at boot time. When this happens, BitLocker will show a screen prompting for a recovery key to continue booting. Users can access recovery keys associated with their devices by following these steps:

  1. Open a browser and go to https://myaccount.microsoft.com/. Use your UVM credentials when prompted to sign in.
  2. In your Account Dashboard, click on Manage Devices.
  3. You will see your list of devices. Click on the device you need a recovery key for and then click “View Bitlocker Keys”.
  4. In the bar that appears showing the keys for your device, click “Show recovery key”.
  5. A window will appear with your recovery key. You can copy it to your clipboard with the copy button. Do not share this key.
  6. Enter the key shown here into the prompt on your computer to decrypt the drive and continue the boot sequence.

Updated on March 27, 2024
