grant permissions to read BitLocker recovery Key

  • Question

  • Hi,

    How can I grant permissions to the users from my HelpDesk department to read the BitLocker recovery Key in Windows Intune? I've added their AD Group (we have AD Synchronization) into Intune Help Desk Operator role - didn't help.

    They still can't see the key like I can.

    They get an error - access denied:

    Thank you in advance.

    Friday, November 15, 2019 8:43 AM

Answers

  • Hello,

    To achieve that, you must grant the Azure AD permissions, NOT Intune roles, since this permission is controlled by Azure AD. 

    In the Azure AD portal, you can grant the user account the Cloud device administrator permission, which enables it to read the recovery key.

    For more details about the settings, please see the following screenshots.

    Best regards,
    Andy Liu




    Monday, November 18, 2019 8:31 AM
  • In the Azure AD portal, you can grant the user account the Cloud device administrator permission, which enables it to read the recovery key.

    Hello Andy. Thank you for your answer! It works! But admin permissions are too much for the users. We gave them HelpDesk Administrators:

    • Marked as answer by Anahaym Monday, November 18, 2019 11:40 AM
    Monday, November 18, 2019 11:22 AM
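
The role assignment discussed in the answers above, as an added example that is not part of the original thread: it assigns the Azure AD Helpdesk Administrator role to one help desk account and then lists every principal holding either role named in the thread, so the set of accounts with recovery key access can be reviewed. It assumes the Microsoft Graph PowerShell module and a signed-in account allowed to manage role assignments; the user principal name is a placeholder.

```powershell
# Added example, not from the thread. Assumes the Microsoft.Graph module is installed.
Connect-MgGraph -Scopes 'RoleManagement.ReadWrite.Directory', 'User.Read.All'

$roleName = 'Helpdesk Administrator'           # role the asker settled on
$upn      = 'helpdesk.user@contoso.example'    # placeholder account (assumption)

# Resolve the built-in role definition and the target user.
$role = Get-MgRoleManagementDirectoryRoleDefinition -Filter "displayName eq '$roleName'"
$user = Get-MgUser -UserId $upn

# Assign the role tenant-wide only if the user does not already hold it.
$held = Get-MgRoleManagementDirectoryRoleAssignment -Filter "principalId eq '$($user.Id)'" -All |
    Where-Object { $_.RoleDefinitionId -eq $role.Id }
if (-not $held) {
    New-MgRoleManagementDirectoryRoleAssignment -PrincipalId $user.Id `
        -RoleDefinitionId $role.Id -DirectoryScopeId '/' | Out-Null
}

# Review: list every principal holding either role mentioned in the thread.
$report = foreach ($name in 'Helpdesk Administrator', 'Cloud Device Administrator') {
    $def = Get-MgRoleManagementDirectoryRoleDefinition -Filter "displayName eq '$name'"
    Get-MgRoleManagementDirectoryRoleAssignment -Filter "roleDefinitionId eq '$($def.Id)'" -All |
        ForEach-Object {
            # Principals can be users, groups or service principals.
            $obj = Get-MgDirectoryObject -DirectoryObjectId $_.PrincipalId
            [pscustomobject]@{
                Role        = $name
                PrincipalId = $_.PrincipalId
                DisplayName = $obj.AdditionalProperties['displayName']
                Type        = $obj.AdditionalProperties['@odata.type']
            }
        }
}
$report | Sort-Object Role, DisplayName | Format-Table -AutoSize
```

Both roles carry rights beyond reading recovery keys, so the review output is worth rerunning whenever help desk staffing changes.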
