BitLocker Recovery for Windows
BitLocker drive encryption will be enabled on Windows-based laptops that serve an "administrative role". To keep it simple, this includes the laptops of all principals, admin assistants, nurses, and/or teachers who have access to sensitive student and staff data. It will not be enabled on any desktop computers.
How to access BitLocker recovery keys:
Step 1 - You must be a member of the "BitlockerHelpdeskAdmin" group in AD (Groups > Security > BitLocker). The current IT team is already set up.
Step 2 - Open a web browser and go to: http://sccm/helpdesk. This opens the MBAM "helpdesk" portal (log in with your AD account).
Step 3 - When an end user needs their recovery key, they will be presented with this screen. They must provide you with the first 8 digits of the Key ID:
Step 4 - In MBAM, click "Drive Recovery".
Step 5 - Enter the domain, the user ID (username of the account having the issue), and the 8-digit Key ID. The reason drop-down isn't required (the default reason is fine).
Step 6 - Once you hit Submit, you will see the full 48-character recovery key below. Once you click "Done", this key will be recycled and replaced with a new one, SO DO NOT HIT DONE until the process has fully worked (or you may need to start all over). (Example below is BLANK for reasons)
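Added example (not part of the original procedure or of MBAM): a PowerShell check a technician can use at steps 5 and 6 to catch a misheard Key ID or a mistyped recovery key before clicking "Done". The function names and the sample key are constructed; it assumes the Key ID is a GUID (so its first 8 characters are hexadecimal) and relies on each 6-digit group of a BitLocker recovery key being a multiple of 11 below 720896.

```powershell
# Added example; function names are hypothetical, sample values are constructed.

function Test-KeyIdPrefix {
    param([Parameter(Mandatory)][string]$KeyId)
    # Assumption: the Key ID on the recovery screen is a GUID, so the first
    # 8 characters the user reads out are hexadecimal (0-9, A-F).
    return $KeyId.Trim() -match '^[0-9A-Fa-f]{8}$'
}

function Test-RecoveryKey {
    param([Parameter(Mandatory)][string]$RecoveryKey)
    # Accept dashes or spaces between groups.
    $groups = $RecoveryKey.Trim() -split '[-\s]+'
    $problems = @()
    if ($groups.Count -ne 8) {
        $problems += "expected 8 groups, found $($groups.Count)"
    }
    for ($i = 0; $i -lt $groups.Count; $i++) {
        $g = $groups[$i]
        if ($g -notmatch '^\d{6}$') {
            $problems += "group $($i + 1) is not 6 digits"
            continue
        }
        $n = [int]$g
        # Each group encodes a 16-bit value multiplied by 11.
        if (($n % 11) -ne 0 -or $n -ge 720896) {
            $problems += "group $($i + 1) fails the check (likely misread or mistyped)"
        }
    }
    return $problems
}

# Constructed sample input. Do not paste real keys into tickets or transcripts.
$keyId = '1A2B3C4D'
$key   = '110011-220022-330033-440044-550055-660066-000011-000022'

if (-not (Test-KeyIdPrefix -KeyId $keyId)) {
    'Key ID prefix is not 8 hexadecimal characters; ask the user to re-read it.'
}
$issues = @(Test-RecoveryKey -RecoveryKey $key)
if ($issues.Count -eq 0) { 'Recovery key format OK.' } else { $issues }
```

The check reports which group failed without echoing the key itself, so the technician can ask the user to re-enter only that group.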
JPB 3/14/2025