question

0 Votes
AlexKumpan-1472 asked AlexKumpan-8633 commented

How to get BitLocker recovery key from Azure Portal for old MS account.

Hello,

A few years ago Dell sold a new laptop to me. It appears that the laptop was protected with BitLocker, as Dell usually does.

I was not notified of that, so I didn't switch it off or store the recovery key somewhere.

Now the laptop has gone into BitLocker recovery mode (there could be hundreds of reasons for it; I don't know which one has been triggered).

The only hope for me is that I logged in to the laptop using my Microsoft account. But I still can't get the recovery key from Azure Portal as the account is a little outdated (it was created in 1996).

Opening the "Devices" section in Azure Active Directory on the portal, I get this message:

"The portal is having issues getting an authentication token. The experience rendered may be degraded.
Additional information from the call to get a token:
Extension: Microsoft_AAD_Devices
Resource: graph
Details: AADSTS50020: User account '{EmailHidden}' from identity provider 'live.com' does not exist in tenant 'Microsoft Services' and cannot access the application 'c44b4083-3bb0-49c1-b47d-974e53cbdf3c'(Azure Portal) in that tenant. The account needs to be added as an external user in the tenant first. Sign out and sign in again with a different Azure Active Directory user account.
Trace ID: 83f9c953-38bc-4d3c-9572-d3e933fd1500
Correlation ID: 0c60b71d-e5a9-43a3-9392-0a7584fd3a4b
Timestamp: 2021-08-27 10:04:47Z"

Is there any chance that the recovery key is still stored somewhere in the portal and I could get it back with some action around the account?

Otherwise I'm losing all my business data on my working laptop.

Thank you.




azure-active-directory azure-disk-encryption

0 Votes
vipulsparsh-MSFT answered

@AlexKumpan-1472 Thanks for reaching out, and apologies for the delay on this.

1) If you have been using the Microsoft personal account on that device, you can try to log in to this URL and see if you have the recovery key stored there: https://account.microsoft.com/devices/recoverykey?

2) If your device was ever signed in to an organization using a work or school email account, your recovery key may be stored in that organization's Azure AD account associated with your device. You may be able to access it directly or you may need to contact a system administrator to access your recovery key.
(In this scenario, log in to the Azure portal using your work email and not your personal account.)



Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.


0 Votes
AlexKumpan-1472 answered vipulsparsh-MSFT commented

Hello,

Thank you for your answer!

Here are my comments:

  1. https://account.microsoft.com/devices/recoverykey is the simplest and most obvious way to find a key and yes, I started with it. The recovery key is not there. But I've read on the Dell support forum that somebody found a key in Azure Active Directory on Azure Portal. So, I'm trying to get it this way. Maybe something could be done with my account to get in there. (BTW, there are hundreds of people on this Dell support forum who have lost all their data due to BitLocker installed by Dell without any notification to customers.)

  2. No, it's my personal account and it was never used to log in to corporate networks in any way.





@AlexKumpan-1472 The only way the Azure AD portal would have the key is when you log in to the machine using your Azure AD (work) credentials. I also came across many Dell threads where people are complaining about similar situations. However, Windows should not enable BitLocker unless you have at least logged on with your Microsoft account, where it can upload the recovery key.

As a next step, open a support case, have them investigate this to see if there is some option.

0 Votes
AlexKumpan-1472 answered

Thank you very much for your help.

So, I'm accepting my data loss and starting to format my disks.

Creating an MS ticket to Dell to correct the setup for new laptops sounds like a great idea.

I'd recommend publishing some MS release trying to keep customers from buying any Dell laptops until this is fixed. The price could be extremely high.

And more important: an urgent warning is needed for customers who already have Dell laptops, with an explanation of what BitLocker is and how to handle it.
BTW, just switching BitLocker off is not enough; Dell will hiddenly switch it on. (According to cases from the forum; I can't confirm it myself.)

1 Vote
AlexKumpan-1472 answered

If anybody is still interested: I've found a way to recover my data.

The trigger that forced "BitLocker recovery mode" was an invalid MS Windows Update that came 19-21 August 2021 and brought an invalid BIOS update for all Dell XPS 9360.

The solution is to roll back the BIOS to remove the trigger.

It's not possible by flashing a BIOS from Dell's site, so I had to replace the SSD, install a fresh Windows on it, and run Windows Update, which flashes the Dell with the proper BIOS. After putting the encrypted SSD back, BitLocker recovery mode was gone.

0 Votes
Elated-0591 answered AlexKumpan-8633 commented

@AlexKumpan-1472 - were you actually able to recover your data? Or was it a clean install which deleted all of the data?

I've got a Dell as well (Inspiron 7300 2-in-1), and the BIOS update on 22/09/2021 activated BitLocker. My problem was I had several years of data on it that I was migrating to another cloud provider, but hadn't completed the migration. If I had to go in and do a clean install or swap out the SSD, I'd have lost all of the data.

On the Inspiron, I had used several @outlook accounts as well as an office365 business account, which no longer was active as the business is de-registered and the associated domain cancelled.

The Recovery Key was not in the easy-to-find places (like the @outlook.com accounts).

I scoured the forums and read about flashing the BIOS. I was able to revert the BIOS back to an earlier version, but upon rebooting the "BitLocker blue screen of death" was back.

I contacted Dell support and although they were prompt and helpful, the only option (as we couldn't access the boot menu anymore after my many attempts of messing with it) they offered was to swap out the hardware.

I read about the option of the BitLocker recovery key possibly being on Azure. I did discover that my old business account actually did have an Azure profile, but couldn't access it as I first had to update the 2-step-verification option (my old business email which no longer was accessible). After waiting four weeks for Microsoft to activate the changed 2-step-verification, I was able to get into Azure.

Once I got into Azure, I found I needed to go to the Microsoft Endpoint Manager admin center (Microsoft Intune): (https://endpoint.microsoft.com). Once there, I couldn't find the device under the "Devices" tab.

I was about to give up, but scouted around and checked the "Users" tab. There under the user profile associated with my business account there was an option to "Manage Devices". There I found the computer I was looking for and the BitLocker Recovery Key.

And lo and behold, it actually worked.

This morning, when turning on the computer, the BitLocker blue screen was back, but entering the BitLocker recovery key, I was able to log in. I then turned off BitLocker and, once it finishes decrypting the drive, I'll make a backup and do a clean install of the machine.

I appreciate this is a lengthy reply, but wanted to share my story in case it helps one or two others who are facing loss of important data.

And to share another lesson learnt the hard way: backups save a lot of time and hassle.




I'd say the first lesson is to never ever buy any Dell equipment.

If they are so stupid as to turn disk encryption on without user notification, what else can they do for you?

As for me: yes, I recovered all data. A fresh SSD was used as a temporary tool to install a fresh Windows and set the proper BIOS version; it's not possible to just use any BIOS file published by Dell (say "hi" to their engineers again).
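Added example, not part of any post in this thread: a PowerShell check to run on a machine that still boots, to see whether each encrypted volume has a recovery password and which key IDs to look for in the account portals mentioned above. It uses the built-in BitLocker module cmdlets; the function names `Get-RecoveryProtectorReport` and `Backup-RecoveryKeyToAzureAD` are hypothetical helpers defined here.

```powershell
#Requires -RunAsAdministrator
# Added example. Run on a machine that still boots and whose drive is unlocked.

function Get-RecoveryProtectorReport {
    # One row per volume: encryption state plus the IDs of its recovery-password protectors.
    Get-BitLockerVolume | ForEach-Object {
        $rp = @($_.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')
        [pscustomobject]@{
            MountPoint       = $_.MountPoint
            VolumeStatus     = $_.VolumeStatus      # can be FullyEncrypted while protection is Off
            ProtectionStatus = $_.ProtectionStatus
            HasRecoveryKey   = $rp.Count -gt 0
            RecoveryKeyIds   = ($rp | ForEach-Object KeyProtectorId) -join ', '
        }
    }
}

function Backup-RecoveryKeyToAzureAD {
    # Hypothetical helper. Only works on a device joined to Azure AD with a work or
    # school account; a personal Microsoft account is not covered by this cmdlet.
    param([string]$MountPoint = $env:SystemDrive)
    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword' | ForEach-Object {
        BackupToAAD-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $_.KeyProtectorId
    }
}

$report = Get-RecoveryProtectorReport
$report | Format-Table -AutoSize

# Flag volumes that are encrypted but have no recovery password to fall back on.
$report | Where-Object { $_.VolumeStatus -ne 'FullyDecrypted' -and -not $_.HasRecoveryKey } |
    ForEach-Object { Write-Warning "$($_.MountPoint): encrypted, no recovery password protector" }

# Each ID in RecoveryKeyIds should match a "Key ID" listed at
# https://account.microsoft.com/devices/recoverykey (personal account) or on the
# device's entry in the organization's portal. If none matches, the key was never
# uploaded there and should be saved somewhere off the device now.

# Before a BIOS/firmware update, protection can be suspended for one reboot so the
# changed boot measurements do not force recovery mode:
#   Suspend-BitLocker -MountPoint $env:SystemDrive -RebootCount 1
```

Only the read-only report runs when the script is executed; the backup helper and the suspend command are left for the operator to call deliberately.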