PowerShell Script to copy BitLocker keys of all volumes to Azure Active Directory

Danny Nagdev
Jan 5, 2023

We had a requirement to enable BitLocker on user computers using Intune. Setting up BitLocker was quite straightforward. However, we could not see the recovery keys for many devices in Endpoint Manager or Active Directory. After some searching, I found a script on:

This script was helpful to get the recovery keys in Intune for the system volume. However, it didn't get the keys for other volumes. Hence, my search continued.

Then I found a script on:

By merging the above 2 scripts, I created the following customised script which did the job for me:

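    # Walk every BitLocker volume, not just the system drive.
    foreach ($BLV in Get-BitLockerVolume) {
        # Only handle volumes that have finished encrypting.
        if ($BLV.VolumeStatus -eq 'FullyEncrypted') {
            foreach ($Key in $BLV.KeyProtector) {
                # Only recovery-password protectors are backed up to Azure AD.
                if ($Key.KeyProtectorType -eq 'RecoveryPassword') {
                    BackupToAAD-BitLockerKeyProtector -MountPoint $BLV.MountPoint -KeyProtectorId $Key.KeyProtectorId
                } #if
            } #foreach
        } #if
    } #foreach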
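
A variant of the merged script above, added here as an example and not the author's code: it returns one result row per volume (including volumes that were skipped or have no recovery password protector) and counts event ID 845 entries as confirmation of the backup. The function name Backup-AllRecoveryKeys is hypothetical, and the example assumes an elevated session on an Azure AD joined device.

```powershell
#Requires -RunAsAdministrator
# Added example, not the author's script. Backup-AllRecoveryKeys is a hypothetical name.
function Backup-AllRecoveryKeys {
    [CmdletBinding()]
    param()
    $started = Get-Date
    $report = foreach ($blv in Get-BitLockerVolume) {
        $row = [ordered]@{ MountPoint = $blv.MountPoint; KeyProtectorId = $null; Result = $null }

        if ($blv.VolumeStatus -ne 'FullyEncrypted') {
            # Volumes still encrypting (or not encrypted) are reported, not silently skipped.
            $row.Result = "Skipped: $($blv.VolumeStatus)"
            [pscustomobject]$row
            continue
        }

        $protectors = @($blv.KeyProtector |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
        if ($protectors.Count -eq 0) {
            $row.Result = 'No RecoveryPassword protector to back up'
            [pscustomobject]$row
            continue
        }

        foreach ($kp in $protectors) {
            $row.KeyProtectorId = $kp.KeyProtectorId
            try {
                $null = BackupToAAD-BitLockerKeyProtector -MountPoint $blv.MountPoint `
                    -KeyProtectorId $kp.KeyProtectorId -ErrorAction Stop
                $row.Result = 'Backup requested'
            } catch {
                $row.Result = "Failed: $($_.Exception.Message)"
            }
            # Only the protector ID is reported; the recovery password is never written out.
            [pscustomobject]$row
        }
    }

    # Event ID 845 in the BitLocker Management log records a successful backup to Azure AD.
    $confirmed = @(Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-BitLocker/BitLocker Management'
        Id        = 845
        StartTime = $started
    } -ErrorAction SilentlyContinue)

    $report
    Write-Verbose "Event 845 entries since start: $($confirmed.Count)"
}

Backup-AllRecoveryKeys -Verbose | Format-Table -AutoSize
```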
