question

scintillator asked MarileeTurscak-MSFT edited

Device name overwritten in Azure AD - BitLocker keys lost

My primary computer crashed and I had to reinstall Windows; when I re-joined Azure AD with the same hostname, all BitLocker keys had disappeared.
I suspect the old entry was overwritten with new hence I lost access to the recovery keys. Is there any way to restore the device ID or BitLocker keys?

I am still able to see the device in the Microsoft Endpoint Manager admin center under BitLocker Recovery Keys; however, when clicking the link:
"Device with ID <ID> was not found in Azure AD. If this device was just joined or registered, please try again in a couple of minutes."



Any suggestions are greatly appreciated as I lost years of my data due to this blunder. Thank you.



1 Answer

MTG-3890 answered MarileeTurscak-MSFT commented

Hi.

I have no experience with Azure AD, but for on-premises AD, you would still find that old object in the AD recovery bin and you'd be able to restore the keys.
Is there such a bin in Azure AD?


Unfortunately, I was unable to find any "Deleted Devices" view or Recycle Bin comparable to the one available for "Deleted Users".

The PowerShell cmdlet Get-AzureADDevice -ObjectId "ID" also returns "Request_ResourceNotFound":

Get-AzureADDevice : Error occurred while executing GetDevice
Code: Request_ResourceNotFound
Message: Resource '<ID>' does not exist or one of its queried reference-property
objects are not present.
RequestId: <Request Id>
DateTimeStamp: Thu, 26 Aug 2021 12:41:39 GMT
HttpStatusCode: NotFound
HttpStatusDescription: Not Found
HttpResponseStatus: Completed
At line:1 char:1
+ Get-AzureADDevice -ObjectId "ID"
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-AzureADDevice], ApiException
+ FullyQualifiedErrorId : Microsoft.Open.AzureAD16.Client.ApiException,Microsoft.Open.AzureAD16.PowerShell.GetDevice

Still hoping the device can be restored in the next 30 days as with users and groups.


Please look at https://social.technet.microsoft.com/wiki/contents/articles/35910.azure-troubleshooting-how-to-restore-deleted-objects.aspx where it's shown for user objects. Should be doable with computer objects as well.


Thank you for the effort and suggestion.

Still unable to find anything equivalent to "Get-MsolUser -ReturnDeletedUsers" for devices.

Might not be implemented yet? Sources:
https://techcommunity.microsoft.com/t5/azure-active-directory-identity/how-to-recover-or-re-add-device/m-p/1250422
https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/32127307-recycle-bin-for-deleted-devices


Looks to be a dead end, and my BitLocker keys/data have perished into the void of MS Clouds.
Please let me know if the information below is outdated or wrong, fingers crossed.

"Azure AD objects that are soft deleted include:
- User and guest accounts.
- Microsoft 365 groups (including associated data such as properties, members, e-mail addresses, Exchange Online shared inbox and calendar, SharePoint Online team site and files, OneNote notebook, Planner, Teams, and Yammer group and group content).
- Azure AD applications.

Azure AD objects that are immediately hard deleted include:
- Security groups.
- Distribution groups.
- Service principals.
- Conditional access policies.
- Devices.

Second, soft-deleted objects remain in the Recycle Bin for only 30 days. After that, they are permanently deleted.

Third, many Azure AD objects have complex configurations or specific interactions with other systems. Those details are not captured by the Recycle Bin and cannot be restored from it.

Finally, the Recycle Bin is for deleted objects only. If an object has been changed rather than deleted, the Recycle Bin cannot help you restore the object to its previous state."

Source: zmw technologies . com/2021/03/06/ azure-active-directory-recovery/

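Because Azure AD hard-deletes device objects, the recovery keys escrowed against them are unrecoverable once the object is overwritten by a re-join. The mitigation is a tenant-side export of every escrowed key taken before a reinstall or re-join, and on a schedule. The script below is an added example, not code from this thread or from Microsoft; it assumes the Microsoft.Graph PowerShell SDK is installed, an admin account that can consent to the BitLockerKey.Read.All and Device.Read.All scopes, and an output path you choose (the default here is a placeholder). Reading a key through Graph is recorded in the Azure AD audit log, which is the expected detection trail for this activity.

```powershell
# Added example: export all BitLocker recovery keys escrowed in the tenant, with the
# device name attached, so a key survives the hard delete of its Azure AD device object.
param(
    # Assumed output location; point this at encrypted, access-controlled storage.
    [string]$OutFile = "$env:USERPROFILE\bitlocker-keys-$(Get-Date -Format yyyyMMdd).csv"
)

# BitLockerKey.Read.All is required to read keys; Device.Read.All to resolve names.
Connect-MgGraph -Scopes "BitLockerKey.Read.All", "Device.Read.All" | Out-Null

function Get-AllGraphPages {
    # Follow @odata.nextLink until the collection is exhausted.
    param([string]$Uri)
    $items = @()
    do {
        $resp   = Invoke-MgGraphRequest -Method GET -Uri $Uri
        $items += $resp.value
        $Uri    = $resp.'@odata.nextLink'
    } while ($Uri)
    return $items
}

# 1. List key metadata (id, deviceId, volumeType). The key value is never returned by the list call.
$keys = Get-AllGraphPages "https://graph.microsoft.com/v1.0/informationProtection/bitlocker/recoveryKeys"

# 2. Map Azure AD deviceId -> displayName now, while the device objects still exist.
$devices = @{}
foreach ($d in Get-AllGraphPages "https://graph.microsoft.com/v1.0/devices?`$select=deviceId,displayName") {
    $devices[$d.deviceId] = $d.displayName
}

# 3. Fetch each key individually with $select=key, the only way Graph returns the 48-digit password.
$rows = foreach ($k in $keys) {
    $full = Invoke-MgGraphRequest -Method GET `
        -Uri "https://graph.microsoft.com/v1.0/informationProtection/bitlocker/recoveryKeys/$($k.id)?`$select=key"
    [pscustomobject]@{
        DeviceName  = $devices[$k.deviceId]
        DeviceId    = $k.deviceId
        KeyId       = $k.id
        VolumeType  = $k.volumeType
        Created     = $k.createdDateTime
        RecoveryKey = $full.key
    }
}

$rows | Export-Csv -Path $OutFile -NoTypeInformation
Write-Host "Exported $($rows.Count) recovery key(s) to $OutFile"
```

Run it before wiping or re-joining a machine, and keep the CSV outside the tenant, since the export is the only copy that does not depend on the device object surviving.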

That's bad. I wonder why they do that.
Maybe a support query should be tried in case you have no backup.
