BitLocker Recovery Keys

Retrieve All BitLocker Keys

Using the Retrieve All BitLocker Keys tool, you can view and copy current recovery passwords for all the sources where you have configured BitLocker keys — Configuration Manager, Active Directory, MBAM, and Entra ID. 

Prerequisites:

To run the tool:

1. Right-click on a single device, multiple devices, or device collection.

2. Select Right Click Tools > Security Tools > Retrieve All BitLocker Keys.

The BitLocker Recovery Keys from Configured Sources window displays the Key Source, Recovery Key, Recovery Key ID, Date Created, and any Error.

You can copy a recovery key by right-clicking on an entry and choosing Copy Key to Clipboard.

TIP: If Right Click Tools is connected to a Recast Management Server, you can edit the sources from which the tool will retrieve recovery keys by disabling individual BitLocker Search options in your Recast Management Server Settings. Be sure to restart your Configuration Manager console after editing recovery key sources.




ConfigMgr BitLocker Recovery Keys

The ConfigMgr BitLocker Recovery Keys tool lets you retrieve current recovery passwords stored in Configuration Manager.

To run the tool:

1. Right-click on a device name.

2. Select Right Click Tools > Security Tools > ConfigMgr BitLocker Recovery Keys.

The ConfigMgr BitLocker Keys window that opens displays the following information:

  • Machine Name
  • Recovery Key 
  • Recovery Key ID
  • Error

3. Right-click on a Recovery Key ID and click Copy Key to Clipboard.




AD BitLocker Recovery Keys

The AD BitLocker Recovery Keys tool lets you view current recovery passwords and their detailed history.

To run the tool:

1. Right-click on a device name.

2. Select Right Click Tools > Security Tools > AD BitLocker Recovery Keys.

The AD BitLocker Keys window that opens displays the history of the recovery password, including the dates when it was created and last changed.

See also: Delegate Access to BitLocker Recovery Keys in Active Directory.




MBAM BitLocker Recovery Keys

The MBAM BitLocker Recovery Keys tool allows you to request new MBAM recovery keys.

To run the tool:

1. Right-click on a device name.

2. Select Right Click Tools > Security Tools > MBAM BitLocker Recovery Keys.

3. In the MBAM Recovery Key Request window, select the reason for requesting MBAM recovery keys.

Reasons include:

  • Operating System Boot Order changed
  • BIOS changed
  • Operating System files modified
  • Lost Startup Key
  • Lost PIN
  • TPM Reset
  • Lost Passphrase
  • Lost Smartcard
  • Other

4. Click Request Key(s).

TIP: You can copy a recovery key by right-clicking on an entry and choosing Copy Key to Clipboard.




Entra ID BitLocker Recovery Keys

The Entra ID BitLocker Recovery Keys tool lets you retrieve current recovery passwords stored in Microsoft Entra ID (formerly Azure Active Directory). This tool requires a connection to your Recast Management Server.

Prerequisites

Application permissions

Run the Entra ID BitLocker Recovery Keys Tool

To run the tool:

1. Right-click on a device name.

2. Select Right Click Tools > Security Tools > EntraID BitLocker Recovery Keys.

The EntraID BitLocker Keys window that opens displays the following information:

  • Machine Name
  • Recovery Key 
  • Recovery Key ID
  • Date Created
  • Error

3. Right-click on a Recovery Key ID and click Copy Key to Clipboard.




Copyright © 2025 Recast Software Inc. All rights reserved.