Introduction

By default on devices using the Intune service CSCS will be enabling Bitlocker disk encryption. This encrypts all of the data on the main local disk and provides added security to those who work remotely or who are mobile workers. If your BitLocker encrypted disk becomes locked you will see a message saying it has been locked and you need to contact the Service Desk for the recovery key. If the device has been assigned to you in the portal, you can get to the Recovery Key yourself:

Instructions

If a user is associated with a Bitlocker-enabled Intune managed device (i.e. we have assigned it to them in Azure AD or user-enrollment is enabled and they have enrolled it) they can

1. On any internet-connected device, go to https://myaccount.microsoft.com/
2. Log in with your work email address when prompted.
3. Click on "Devices" on the left-panel, or "Manage Devices" in the main window.
4. Click on the PC name to expand the options, and then click "View BitLocker Keys":
   
5. A panel will pop out on the right-side of the window - if multiple keys are listed, compare the "Key ID" to that shown on the PC to find the correct one, click "Show Recovery Key" to show the recovery key on-screen.