Fix_BitlockerKeyBackup.ps1
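function Backup-BitLockerKeyToAAD {
    <#
    .SYNOPSIS
        Used to backup BitLocker recovery key to Azure Active Directory (AAD).
    .DESCRIPTION
        Enumerates the BitLocker volumes of the local computer and, for every key
        protector of type RecoveryPassword, calls BackupToAAD-BitLockerKeyProtector
        to escrow it to Azure Active Directory. Each protector is attempted
        independently, so a failure on one volume does not skip the remaining
        volumes. A per-volume summary (volume type, mount point, status,
        encryption percentage, first key protector type) is printed at the end.
        Only key protector IDs are handled here; the recovery password itself is
        never written to the host.
    .NOTES
        Run this script as an administrator.
        The success message is printed only when the backup cmdlet raised no
        error. Confirm the key is actually visible in the directory before
        treating the device as recoverable.
    #>
    [CmdletBinding()]
    param (
    )

    Begin {
        Write-Host "Starting BitLocker Key Backup process to Azure AD." -ForegroundColor Cyan
        # Initialised here so the End block has defined values even when
        # volume enumeration fails.
        $volumeInfoArray = @()
        $driveInfoString = ''
    }

    Process {
        try {
            # Get BitLocker volumes
            $BitLockerVolumes = Get-BitLockerVolume -ErrorAction Stop
        }
        catch {
            Write-Host "Failed to backup BitLocker Key to Azure AD: $_" -ForegroundColor Red
            return
        }

        foreach ($BitLockerVolume in $BitLockerVolumes) {
            # Take the first protector through the pipeline instead of indexing [0],
            # so a volume without protectors does not throw and abort the whole run.
            $firstProtector = $BitLockerVolume.KeyProtector | Select-Object -First 1

            # Construct a single string that contains volume type, mount point, volume status, encryption percentage, and key protector type
            $volumeInfo = "Volume Type: $($BitLockerVolume.VolumeType), Mount Point: $($BitLockerVolume.MountPoint), Volume Status: $($BitLockerVolume.VolumeStatus), Encryption Percentage: $($BitLockerVolume.EncryptionPercentage), KeyProtector Type: $($firstProtector.KeyProtectorType)"
            $volumeInfoArray += $volumeInfo

            # Get KeyProtector IDs for the BitLocker volume
            $KeyProtectorIds = @($BitLockerVolume.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } | Select-Object -ExpandProperty KeyProtectorID)

            if ($KeyProtectorIds.Count -eq 0) {
                # Make the gap visible: without a RecoveryPassword protector nothing is escrowed.
                Write-Host "No RecoveryPassword key protector found for volume $($BitLockerVolume.MountPoint); nothing was backed up." -ForegroundColor Yellow
                continue
            }

            foreach ($KeyProtectorId in $KeyProtectorIds) {
                try {
                    # -ErrorAction Stop turns non-terminating errors into exceptions, so the
                    # success line below is never printed for a backup that did not happen.
                    BackupToAAD-BitLockerKeyProtector -MountPoint $BitLockerVolume.MountPoint -KeyProtectorId $KeyProtectorId -ErrorAction Stop
                    Write-Host "Successfully backed up BitLocker Key for volume $($BitLockerVolume.MountPoint) to Azure AD." -ForegroundColor Green
                }
                catch {
                    Write-Host "Failed to backup BitLocker Key to Azure AD: $_" -ForegroundColor Red
                }
            }
        }

        # Output all drive info as a single string, with each drive separated by a dot
        $driveInfoString = $volumeInfoArray -join '. '
    }

    End {
        Write-Host "`n`n"
        Write-Host "BitLocker Key Backup process to Azure AD completed." -ForegroundColor Cyan
        Write-Host $driveInfoString
    }
}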
# Spacer output so the run's messages stand apart from earlier console text.
Write-Host "`n`n"

# Script entry point: back up the recovery-password protectors of the local
# BitLocker volumes. Needs an elevated (administrator) session.
Backup-BitLockerKeyToAAD