Wondering how to give access to view BitLocker recovery keys in Azure AD? Look no further!
I have been searching for a while for a way to grant access to the Azure AD (AAD) BitLocker recovery keys that follows the principle of least privilege (PoLP).
You need to be a Global Administrator in order to follow this tutorial. If you are ready, let's go!
- Open https://portal.azure.com
- Navigate to “Azure Active Directory”, then click on “Users”.
- Search for and click on the user that needs the ability to view the recovery keys.
- Click on “Directory role”, then check “Security reader” and click “Save”.
- The user now has the ability to view BitLocker recovery keys in Azure AD.
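The same role assignment done from the command line with the Microsoft Graph PowerShell SDK, followed by a listing of everyone who holds the role, as an added example that is not part of the original post. It assumes the Microsoft.Graph module is installed, that you sign in with a Global Administrator account, and the UPN is a placeholder to replace.

```powershell
# Added example, not from the original post: assign "Security Reader" with the
# Microsoft Graph PowerShell SDK and then list who currently holds the role.
# Assumes the Microsoft.Graph module is installed and the signed-in account is a Global Administrator.
Connect-MgGraph -Scopes "RoleManagement.ReadWrite.Directory", "User.Read.All"

$userUpn  = "alice@contoso.example"   # placeholder UPN, replace with the real user
$roleName = "Security Reader"

$user = Get-MgUser -UserId $userUpn

# Built-in roles only show up in Get-MgDirectoryRole once they have been activated
# in the tenant; activate from the role template if this one is not there yet.
$role = Get-MgDirectoryRole | Where-Object DisplayName -eq $roleName
if (-not $role) {
    $template = Get-MgDirectoryRoleTemplate | Where-Object DisplayName -eq $roleName
    $role = New-MgDirectoryRole -RoleTemplateId $template.Id
}

# Only add the member if they do not already hold the role (keeps the script idempotent).
$members = Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id
if ($members.Id -notcontains $user.Id) {
    New-MgDirectoryRoleMemberByRef -DirectoryRoleId $role.Id -BodyParameter @{
        "@odata.id" = "https://graph.microsoft.com/v1.0/directoryObjects/$($user.Id)"
    }
}

# Review step: every principal (user, group or service principal) that can now
# read BitLocker recovery keys through this role.
Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id |
    Select-Object Id,
        @{ n = 'Type'; e = { $_.AdditionalProperties.'@odata.type' } },
        @{ n = 'Name'; e = { $_.AdditionalProperties.displayName } },
        @{ n = 'UPN';  e = { $_.AdditionalProperties.userPrincipalName } }
```

Security Reader grants read access to considerably more than BitLocker keys, so the member list printed at the end is worth reviewing regularly. Each key read by a role holder is recorded in the Azure AD audit log, which is where to look when reviewing use of this access.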
For more information on the security roles, see https://docs.microsoft.com/en-us/azure/active-directory/active-directory-assign-admin-roles-azure-portal.