Dima Kumets [Product Manager - Huntress]: Our need that is not being met would be the bitlocker keys central storage location. NOt all customers have AD domains.

John Waskewics: Just enable with a script through your RMM and it's pretty easy in most of those. Our script backups the keys to our RMM and done. Seems like a better request for whatever RMM you use. :)

Jonathan Baynes: How are you backing up to the RMM? We can run a script to grab the key and this will push it to the script result in our RMM, but there is not central storage place for bitlocker keys. Yes, I will request from our RMM, Continuum. If you are on that or ConnectWise, please share the backup details. Thank you.

John Waskewics: We use syncro and they have custom fields you can create on a device. So we run script like below and it uploads the key to our RMM. If you can't do something like that with Continuum that's a major bummer. If they don't support something like this you could backup to AAD if you use that. See second script below.

#TODO - MAKE SURE YOU SETUP YOUR ASSET CUSTOM FIELD CALLED "Bitlocker_Key_<drive>" for each drive as a "Text Field" on your

Import-Module $env:SyncroModule

#Creates temp directory if it does not exist

Set-Location C:\

md temp

Set-Location C:\Temp

#Puts keys into text files

(Get-BitLockerVolume -MountPoint C).KeyProtector.recoverypassword > C:\Temp\bitlockerkeyc.txt

(Get-BitLockerVolume -MountPoint D).KeyProtector.recoverypassword > C:\Temp\bitlockerkeyd.txt

(Get-BitLockerVolume -MountPoint E).KeyProtector.recoverypassword > C:\Temp\bitlockerkeye.txt

Start-Sleep -Seconds 15

#Gets keys from text files

[string] $textc = Get-Content C:\Temp\bitlockerkeyc.txt -raw

[string] $textd = Get-Content C:\Temp\bitlockerkeyd.txt -raw

[string] $texte = Get-Content C:\Temp\bitlockerkeye.txt -raw

#Adds keys to Syncro

Set-Asset-Field -Subdomain "xxxx" -Name "Bitlocker_Key_C" -Value $textc

write-host "Set the custom field value to $textc"

Set-Asset-Field -Subdomain "xxxx" -Name "Bitlocker_Key_D" -Value $textd

write-host "Set the custom field value to $textd"

Set-Asset-Field -Subdomain "xxxx" -Name "Bitlocker_Key_E" -Value $texte

write-host "Set the custom field value to $texte"

#Removes text files with keys from PC for security

Set-Location C:\Temp

Del bitlockerkeyc.txt

Del bitlockerkeyd.txt

Del bitlockerkeye.txt

#2. I've not tested this on at all

[cmdletbinding()]

param(

[Parameter()]

[ValidateNotNullOrEmpty()]

[string] $OSDrive = $env:SystemDrive

)

Import-Module $env:SyncroModule

try {

$ErrorActionPreference = "stop"

Enable-BitLocker -MountPoint $OSDrive -UsedSpaceOnly -TpmProtector -ErrorAction Continue

Enable-BitLocker -MountPoint $OSDrive -UsedSpaceOnly -RecoveryPasswordProtector

Start-Sleep -Seconds 30

$key = (Get-BitLockerVolume -MountPoint $OSDrive).KeyProtector|?{$_.KeyProtectorType -eq 'RecoveryPassword'}

$kpi = [String]$key.KeyProtectorId

BackupToAAD-BitLockerKeyProtector -MountPoint $OSDrive -KeyProtectorId $kpi

Write-Host

}

catch {

Write-Host "Error while setting up AAD Bitlocker, make sure that you are AAD joined and are running the cmdlet as an admin: $_"

Create-Syncro-Ticket -Subdomain "PLACEHOLDERSUBDOMAIN" -Subject "BitLocker Deployment Issue" -IssueType "PC Issue" -Status "New"

}