How to Backup BitLocker Key to Azure AD Using PowerShell

BitLocker is a security feature built into Windows that provides encryption for entire volumes. It addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned devices. By encrypting the drive where Windows is installed, and the other drives if the computer has several, BitLocker helps protect your data.

BitLocker is particularly useful as it provides protection against unauthorised changes to your system such as firmware-level malware. It also helps mitigate unauthorised data access by enhancing file and system protections. BitLocker is an essential tool for securing your data, especially when data breaches and information theft are common.

The Command

Here is the command that we’ll be using:

BackupToAAD-BitLockerKeyProtector -MountPoint $env:SystemDrive -KeyProtectorId ((Get-BitLockerVolume -MountPoint $env:SystemDrive).KeyProtector | Where-Object { $_.KeyProtectorType -eq "RecoveryPassword" }).KeyProtectorId

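This command backs up the BitLocker key protector of type “RecoveryPassword” for the system drive to Azure AD (AAD). Run it from an elevated PowerShell session, because Get-BitLockerVolume requires administrator rights.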
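The one-liner above works when the system drive has exactly one RecoveryPassword protector. The script below is an added example, not part of the original page, that goes further and handles a volume with no such protector or with several by backing up each one in turn. It assumes an elevated session on a device that is joined to Azure AD; the variable names are chosen for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: back up every RecoveryPassword protector on the system drive.
# Assumption: the device is Azure AD joined, otherwise the backup call fails.

$mountPoint = $env:SystemDrive
$volume = Get-BitLockerVolume -MountPoint $mountPoint -ErrorAction Stop

# A volume can hold zero, one or several RecoveryPassword protectors.
# @() forces an array so that .Count is reliable in all three cases.
$recoveryProtectors = @($volume.KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

if ($recoveryProtectors.Count -eq 0) {
    Write-Warning "No RecoveryPassword protector on $mountPoint; nothing to back up."
    return
}

foreach ($protector in $recoveryProtectors) {
    $backupParams = @{
        MountPoint     = $mountPoint
        KeyProtectorId = $protector.KeyProtectorId   # one ID per call
        ErrorAction    = 'Stop'
    }
    try {
        BackupToAAD-BitLockerKeyProtector @backupParams | Out-Null
        # Report only the protector ID, never the recovery password itself.
        Write-Output "Backed up protector $($protector.KeyProtectorId) for $mountPoint"
    }
    catch {
        Write-Error "Backup failed for $($protector.KeyProtectorId): $($_.Exception.Message)"
    }
}
```

Passing the protectors one at a time matters because -KeyProtectorId takes a single ID, so the one-liner fails when the filter returns more than one protector or none.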

Outputting the Key Protector to the Screen

If you want to output the key protector to the screen, you can use the following command:

(Get-BitLockerVolume -MountPoint C).KeyProtector

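This command retrieves the key protectors for the C drive and outputs them to the screen. For a protector of type RecoveryPassword, the output includes the recovery password itself in clear text, so treat the console output and any transcript or screenshot of it as sensitive.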

