Azure AD – Access to BitLocker Recovery Keys

Wondering how to grant someone access to view BitLocker recovery keys in Azure AD without handing them an administrator role? Look no further!

I have been searching for a while for a way to grant read access to the BitLocker recovery keys stored in Azure AD (AAD) that follows the principle of least privilege (PoLP).

You need the Global Administrator role (or Privileged Role Administrator, which is the least-privileged role that can assign directory roles) to follow this tutorial. If you are ready, let’s go!

  1. Open the Azure portal.
  2. Navigate to “Azure Active Directory“, then click on “Users“.
  3. Search for and click on the user who needs the ability to view recovery keys.
  4. Click on “Assigned roles“ (called “Directory role“ in the older portal), add the “Security reader“ role and save.
  5. The user now has the ability to view BitLocker recovery keys stored in Azure AD.

Two things to keep in mind: Security Reader is a tenant-wide, read-only role, so the user can read the recovery key of every device registered in the tenant, not just the ones they support, and the same role also exposes other security data such as sign-in risk reports and Conditional Access policies. Every key read is written to the Azure AD audit log, so review that log periodically to confirm the keys are being pulled only by the people you expect.
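The same assignment can be scripted with the Microsoft Graph PowerShell SDK. The block below is an added example and is not code from the original post: it first lists every built-in directory role that carries the BitLocker key read permission (so you can confirm Security Reader really is the smallest role that fits), then assigns Security Reader to the user and reads back the assignment, and finally pulls the recent “Read BitLocker key” audit events. The user principal name is a placeholder, and the audit activity name is an assumption about how the event is labelled in your tenant; everything else uses documented cmdlets and the permission names used by Azure AD roles.

```powershell
# Added example, not part of the original post.
# Assumes the Microsoft.Graph module is installed and the signed-in account holds
# Global Administrator or Privileged Role Administrator.
$Upn = 'recovery.reader@contoso.com'   # placeholder: the user who needs key access

Connect-MgGraph -Scopes 'RoleManagement.ReadWrite.Directory','User.Read.All','AuditLog.Read.All'

# 1. Least-privilege check: which built-in roles can read BitLocker keys at all?
#    The permission string is the one Azure AD uses in its role definitions.
$bitlockerRead = 'microsoft.directory/bitlockerKeys/key/read'
Get-MgRoleManagementDirectoryRoleDefinition -All |
    Where-Object { $_.RolePermissions.AllowedResourceActions -contains $bitlockerRead } |
    Select-Object DisplayName, Id, IsBuiltIn |
    Format-Table -AutoSize

# 2. Resolve the target user and the Security Reader role definition.
$user    = Get-MgUser -UserId $Upn
$roleDef = Get-MgRoleManagementDirectoryRoleDefinition -Filter "displayName eq 'Security Reader'"

# 3. Assign the role. '/' is the whole tenant, so the user can read keys for every device.
$assignment = New-MgRoleManagementDirectoryRoleAssignment `
    -PrincipalId      $user.Id `
    -RoleDefinitionId $roleDef.Id `
    -DirectoryScopeId '/'

# 4. Read the assignment back to confirm it landed on the intended principal.
Get-MgRoleManagementDirectoryRoleAssignment -Filter "principalId eq '$($user.Id)'" -ExpandProperty roleDefinition |
    Select-Object @{n='Role'; e={ $_.RoleDefinition.DisplayName }}, DirectoryScopeId, Id

# 5. Every key read is audited. Review who has been pulling keys recently.
#    Assumption: the activity is labelled 'Read BitLocker key' in the audit log; verify in your tenant.
Get-MgAuditLogDirectoryAudit -Filter "activityDisplayName eq 'Read BitLocker key'" -Top 20 |
    Select-Object ActivityDateTime,
                  @{n='Actor';  e={ $_.InitiatedBy.User.UserPrincipalName }},
                  Result
```

If step 1 shows several roles carrying the permission, pick the one with the fewest other rights for your situation; Security Reader is the usual answer because it adds no write permissions anywhere in the directory. Run step 5 after the assignment as well, so you have a baseline of who reads keys before the new user starts doing so.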

For more information on the security roles, see

Experienced advanced operations engineer with a demonstrated history of working in the information technology and services industry. Skilled in Windows Server, Azure, Ethical Hacking, Office 365, Exchange, Jenkins, SCCM, Octopus Deploy and PowerShell to name a few. Strong engineering professional with a big passion for knowledge.
