zyntrax

Reputation: 136

Receiving an error when trying to backup bitlocker key to Azure AD with PowerShell

We are trying to create a script within our environment to upload BitLocker keys to Azure AD using PowerShell and BackupToAAD-BitLockerKeyProtector.

But we receive an error message on all PCs we have tried so far:

BackupToAAD-BitLockerKeyProtector : JSON value not found. (Exception from HRESULT: 0x83750009)
At line:1 char:1
+ BackupToAAD-BitLockerKeyProtector -MountPoint $env:SystemDrive -KeyPr ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Write-Error], COMException
    + FullyQualifiedErrorId : System.Runtime.InteropServices.COMException,BackupToAAD-BitLockerKeyProtector

I have tried the following and multiple other scripts:

BackupToAAD-BitLockerKeyProtector -MountPoint $env:SystemDrive -KeyProtectorId ((Get-BitLockerVolume -MountPoint $env:SystemDrive ).KeyProtector | where {$_.KeyProtectorType -eq "RecoveryPassword" }).KeyProtectorId

When checking with (Get-BitLockerVolume -MountPoint $env:SystemDrive ).KeyProtector, it does output a KeyProtectorId and RecoveryPassword.

Does anyone have any idea what's going on, or why it's not working? Any help would be very much appreciated.

Upvotes: 1

Views: 6123

Answers (2)

Alberto

Reputation: 1

Verify with your security and networking team whether enterpriseregistration.windows.net is SSL inspected. In that case, you have to disable SSL inspection for that endpoint.

Upvotes: 0

Venkat V

Reputation: 7843

I tried to reproduce the same in my environment, backing up a BitLocker key to Azure AD with PowerShell.

You can use the PowerShell script below to back up the BitLocker key to Azure AD.

Connect-AzureAD

$BitlockerVol = Get-BitLockerVolume -MountPoint $env:SystemDrive

# Find the ID of the first RecoveryPassword protector on the system drive
$BPID = ""
foreach ($BP in $BitlockerVol.KeyProtector) {
    if ($BP.KeyProtectorType -eq "RecoveryPassword") {
        $BPID = $BP.KeyProtectorId
        break
    }
}

# Back up that single protector to Azure AD
BackupToAAD-BitLockerKeyProtector -MountPoint $env:SystemDrive -KeyProtectorId $BPID

Once I ran the above PowerShell code, it executed successfully.


To check the BitLocker keys in Azure AD:

Go to Azure Active Directory > Devices > All devices > Search your device > BitLocker keys (Preview) > Show Recovery Key.


Upvotes: 1
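The following script is an added example and is not code from the question or from either answer. It puts the two answers' advice into one pre-flight run: it checks that the device is actually Azure AD joined (via dsregcmd /status, which ships with Windows 10/11), shows who issued the TLS certificate seen for enterpriseregistration.windows.net (the endpoint named in Alberto's answer; an issuer that is your own proxy or internal CA rather than a public CA is taken here, as an assumption, to indicate TLS inspection), selects exactly one RecoveryPassword protector, adding one if the volume has none, and surfaces the HRESULT of a failed backup. Get-BitLockerVolume, Add-BitLockerKeyProtector and BackupToAAD-BitLockerKeyProtector are the cmdlets from the BitLocker module already used on this page; everything else is ordinary .NET and PowerShell. Run it in an elevated session.

```powershell
# Added example (not from the question or either answer): pre-flight checks
# and a single-protector backup to Azure AD. Assumptions: dsregcmd /status
# reports an "AzureAdJoined : YES/NO" line; a certificate issuer that names
# your own proxy or CA suggests TLS inspection (an assumption, not a
# documented cause of the 0x83750009 error).

#Requires -RunAsAdministrator

$MountPoint = $env:SystemDrive
$Endpoint   = 'enterpriseregistration.windows.net'

# 1. Is the device Azure AD joined? Without a join there is no tenant for the
#    backup to land in.
$dsreg = dsregcmd /status
$match = $dsreg | Select-String -Pattern '^\s*AzureAdJoined\s*:\s*(\w+)' | Select-Object -First 1
$azureAdJoined = if ($match) { $match.Matches[0].Groups[1].Value } else { 'UNKNOWN' }
if ($azureAdJoined -ne 'YES') {
    throw "Device is not Azure AD joined (AzureAdJoined : $azureAdJoined); nothing to back up to."
}

# 2. Who issued the certificate presented for the registration endpoint?
#    A proxy or internal CA as issuer means the session is being inspected
#    before it reaches Microsoft (the situation Alberto's answer describes).
function Get-EndpointCertIssuer {
    param([string]$HostName)
    $client = [System.Net.Sockets.TcpClient]::new($HostName, 443)
    try {
        # Accept any certificate: we only want to inspect it, not trust it.
        $ssl = [System.Net.Security.SslStream]::new($client.GetStream(), $false,
            [System.Net.Security.RemoteCertificateValidationCallback] { $true })
        $ssl.AuthenticateAsClient($HostName)
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
        return [pscustomobject]@{ Subject = $cert.Subject; Issuer = $cert.Issuer }
    } finally {
        $client.Close()
    }
}
$certInfo = Get-EndpointCertIssuer -HostName $Endpoint
Write-Host "TLS certificate for ${Endpoint}: subject='$($certInfo.Subject)' issuer='$($certInfo.Issuer)'"

# 3. Pick exactly one RecoveryPassword protector. -KeyProtectorId is a single
#    string; an array of IDs would be coerced to one space-joined string that
#    matches no protector. If the volume has none, add one first.
$vol = Get-BitLockerVolume -MountPoint $MountPoint
$recovery = @($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')
if ($recovery.Count -eq 0) {
    Write-Host "No RecoveryPassword protector on $MountPoint; adding one."
    Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    $recovery = @($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')
}
$protectorId = $recovery[0].KeyProtectorId

# 4. Back up and report the HRESULT, so a failure is searchable instead of
#    being a non-terminating Write-Error that the rest of a script ignores.
try {
    BackupToAAD-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $protectorId -ErrorAction Stop
    Write-Host "Backed up protector $protectorId for $MountPoint to Azure AD."
} catch {
    $hr = if ($_.Exception.HResult) { '0x{0:X8}' -f $_.Exception.HResult } else { 'n/a' }
    Write-Error "Backup of $protectorId failed (HRESULT $hr): $($_.Exception.Message)"
}
```

If step 1 throws, fix the device join before looking anywhere else; if step 2 prints an issuer you recognise as your own inspection CA, that is the exemption to request from the network team; only then is the failure in step 4 worth chasing further.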
