With Windows 10, Microsoft fully supports Azure AD (Active Directory) Join out of the box. This is great for small and medium sized companies who don’t have any on-premises infrastructure and heavily leverages the cloud. One of the great benefits for Azure Active Directory is the ability to store BitLocker encryption keys online. This quick guide already assumes the computer is already joined to Azure Active Directory. At the time of this post, there seems to be no way to automate this process at this time but who knows what the future holds.
BitLocker setup and storing the keys in Azure AD
1. Access the BitLocker menu by clicking on the Windows Icon > Type in Bitlocker > Select Manage BitLocker
2. Select Turn On BitLocker
3. You will be prompted to choose where you want to save your recovery key. Select Save to your cloud domain account
4. Now select the Drive Encryption Preference > Next > Select the Drive Encryption Mode > Next > Start Encrypting
At this point, the encryption process on your hard drive should now begin and the BitLocker recovery key has been stored in Azure Active Directory. Below are the steps on how to access the key in AzureAD in the event the computer is prompted for it.
Accessing the BitLocker Recovery Key in Azure Active Directory
1. Azure Active Directory is currently in the classic portal so login here: https://manage.windowsazure.com with your credentials and select your Active Directory Name
2. Select Users at the top then search and select the user that the computer is assigned to. In my case, it was Test User
3. Once the user profile appears, select Devices > Change the View drop down box to Devices > Select the computer Hostname (in my case it was DESKTOP-QM6QLOH) > Select View Details in the bottom
4. The BitLocker Recovery Key will appear in the window here