Bitlocker Key and Cloud Domain RRS feed

  • Question

  • If Windows 10 says my key was successfully saved to my cloud domain? Does it exist somewhere? My University says it's not on the domain. Why does Windows 10 give a successful saved message?

    Friday, August 10, 2018 9:50 PM

All replies

  • If you were logged on with a Microsoft account or with a domain account that has got an MS account associated to it, you would expect to find the key at
    Saturday, August 11, 2018 11:46 AM
  • I was logged into my Microsoft account, but when you add you school calendar to Windows 10, bitlocker stops saving keys to Microsoft and saves them to “cloud domain.” I’ve been told the key then goes to Microsoft Azure, but my University IT says they don’t see it.
    Saturday, August 11, 2018 12:17 PM
  • They go to the Microsoft azure domain if your device is part of an azure domain. Is it?

    Is your device bootable or do you need the recovery key to boot it? If bootable, any local admin may gather the recovery key at any time: on an elevated command prompt, just run

    manage-bde -protectors -get c:

    (or d:).

    Saturday, August 11, 2018 12:46 PM
  • This is a personal computer not on the domain of the University. I have screenshots of the behavior, but my account isn't verified yet and I can't post them to this forum.
    Saturday, August 11, 2018 1:23 PM
  • Again:

    Is your device bootable or do you need the recovery key to boot it? If bootable, any local admin may gather the recovery key at any time: on an elevated command prompt, just run

    manage-bde -protectors -get c:

    (or d:).


    About screenshots: you can upload those somewhere else and link them here.

    Sunday, August 12, 2018 8:43 AM
  • These are non-boot drives. The original drive c: was lost and replaced. The command prompt brings up the bitlocker ID but no key since it wasn't stored on the new primary drive.

    Here are some screenshots describing what I outlined initially. Depending on the presence of a work account under my primary Microsoft Login account, I receive "cloud domain" saving of bitlocker keys. I also receive a success message each time they are saved, but I've been unable to trace where those keys are going related to my school account. I'm hoping they exist somewhere given the confirmation message.

    Monday, August 13, 2018 5:17 AM
  • Cloud domain should be azure AD, so your network admin would know which azure AD you are connected to and should be able to help. Sorry, no further idea.
    Monday, August 13, 2018 6:15 AM
  • They claim they looked and nothing is there. I worry they don’t know where to look.
    Monday, August 13, 2018 6:40 AM
  • We haven’t heard from you for a couple of days, have you solved the problem?  

    Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact

    Wednesday, September 5, 2018 6:18 AM
  • This issue is still unresolved. MY university IT is apparent trying to ask Microsoft about this behavior.
    Wednesday, September 5, 2018 11:43 AM
  • I was having the same issue and figured out a way around it.  You should be able to access your recovery key at your Azure account.  You can get there by going here: ( and clicking the hyperlink on the fourth bullet point.  

    If you actually want to save to your personal Microsoft account you have to unlink your school account.  You can do that by going to Settings>Accounts>Access work or school.  After you unlink your school account you should be able to backup to your personal Microsoft account.

    Saturday, January 5, 2019 7:09 PM
  • I know this is a bit old, but it does not work as guided above.

    I have Office 365 Pro Plus, which is a business subscription, and as soon as I add it, and sign in, I am no longer able to save any BL keys to my personal MS Account, and I was initially unable to locate them in this mysterious 'cloud domain' account either.

    Even an MS Tech had no idea where they could be and tried to tell me, the same as many folks have on this thread and others, 'it must be your work or college blah blah blah'. This is, of course, not a valid response for me, as I am neither at college nor do my company have any connection to my PC or its software.

    I had to let go of the idea that she may be able to help as clearly she had no idea how the company software works.

    This got me thinking; it must be being saved successfully, as there is no error message to say it was not saved, which means, it had to be somewhere, and a place or service that my PC is connected to in some way, and the only place it could be, for me at least, was in my O365 account.

    So, after some digging about, I did eventually find this 'domain cloud' account, in my O365 account, see below for where I located it and beware, you may require admin access.

    Once logged into your Office/Office 365 account, you have to go to the 'Admin Portal' where, on the left menu, you will find Azure Active Directory, once in AAD, navigate to Users, find your name/account, click on it, and then you are able to see the devices associated with your account. From there, choose the device in question and your BL keys will be listed...

    Hope that helps someone.

    • Edited by BeeZenOne Sunday, September 15, 2019 1:19 PM
    Sunday, September 15, 2019 12:28 PM