How to delete saved BitLocker recovery keys from Azure AD device objects?

  • Question

  • I use Azure AD and Intune, which automatically encrypt my AAD joined devices with BitLocker and back up the recovery keys to Azure AD, accessible from the Azure AD device objects. 

    That is great, but I can't seem to find any button to delete these keys after hard drive changes, re-imaging, decryption/re-encryption, etc., which cause additional recovery keys to be uploaded but the old ones not automatically removed. 

    This causes duplicate/stale keys on some devices. I understand that it is easy to tell which keys are good via the BitLocker drive ID, but I'd imagine there should be a way to remove them if needed without deleting the entire device object.

    Any information on this would be greatly appreciated.

    Tuesday, September 3, 2019 6:55 AM

All replies