BitlockerKey.Read.All | Graph Permissions

Permission Details

Application Permission

Read all BitLocker keys

Allows an app to read BitLocker keys for all devices, without a signed-in user. Allows read of the recovery key.

Permission ID: 57f1cf28-c0c4-4ec3-9a30-19a2eaaf2f6e

Delegated Permission

Read BitLocker keys

Allows the app to read BitLocker keys on behalf of the signed-in user, for their owned devices. Allows read of the recovery key.

Permission ID: b27a61ec-b99c-4d6a-b126-c4375d08ae30

Properties

Microsoft Graph v1.0 endpoint-derived-docs

Properties is shown from stable Microsoft Graph v1.0 metadata.

Property	Type	Description
`bitlocker`	`object`
`threatAssessmentRequests`	`threatAssessmentRequest collection`

JSON Representation

Microsoft Graph v1.0 endpoint-derived-docs

JSON representation is shown from stable Microsoft Graph v1.0 metadata.

JSON representation

{
  "@odata.type": "#microsoft.graph.bitlocker"
}

Relationships

Microsoft Graph v1.0 endpoint-derived-docs

Relationships is shown from stable Microsoft Graph v1.0 metadata.

Relationship	Type	Description
`recoveryKeys`	`bitlockerRecoveryKey collection`	The recovery keys associated with the bitlocker entity.
`threatAssessmentRequests`	`threatAssessmentRequest collection`	Related threatAssessmentRequests data exposed by this resource.
`dataLossPreventionPolicies`	`dataLossPreventionPolicy collection`	Related dataLossPreventionPolicies data exposed by this resource.
`sensitivityLabels`	`sensitivityLabel collection`	Related sensitivityLabels data exposed by this resource.

Graph Methods

Delegated access App-only access

Exact Microsoft Learn match

Microsoft Graph v1.0 endpoints are mapped directly from refreshed Microsoft Learn permissions tables.

Methods
GET `/informationProtection/bitlocker/recoveryKeys`
GET `/informationProtection/bitlocker/recoveryKeys/{bitlockeryRecoveryKeyId}`
GET `/informationProtection/bitlocker/recoveryKeys/{bitlockeryRecoveryKeyId}?$select=key`

Exact Microsoft Learn match

Microsoft Graph beta endpoints are mapped directly from refreshed Microsoft Learn permissions tables.

Methods
GET `/informationProtection/bitlocker/recoveryKeys`
GET `/informationProtection/bitlocker/recoveryKeys?$filter=deviceId eq '{deviceId}'`
GET `/informationProtection/bitlocker/recoveryKeys/{bitlockeryRecoveryKeyId}`
GET `/informationProtection/bitlocker/recoveryKeys/{bitlockeryRecoveryKeyId}?$select=key`

Exact Microsoft Learn PowerShell match

Microsoft Graph PowerShell v1.0 commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.

Commands
`Get-MgInformationProtectionBitlockerRecoveryKey` /informationProtection/bitlocker/recoveryKeys List recoveryKeys
`Get-MgInformationProtectionBitlockerRecoveryKey` /informationProtection/bitlocker/recoveryKeys/{bitlockeryRecoveryKeyId} Get bitlockerRecoveryKey

Exact Microsoft Learn PowerShell match

Microsoft Graph PowerShell beta commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.

Commands
`Get-MgBetaInformationProtectionBitlockerRecoveryKey` /informationProtection/bitlocker/recoveryKeys List recoveryKeys
`Get-MgBetaInformationProtectionBitlockerRecoveryKey` /informationProtection/bitlocker/recoveryKeys/{bitlockeryRecoveryKeyId} Get bitlockerRecoveryKey

Code Examples

C# / .NET SDK

Get bitlockerRecoveryKey

View official example on Microsoft Learn

// Code snippets are only available for the latest version. Current version is 5.x

// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.InformationProtection.Bitlocker.RecoveryKeys["{bitlockerRecoveryKey-id}"].GetAsync((requestConfiguration) =>
{
	requestConfiguration.Headers.Add("User-Agent", "Dsreg/10.0");
	requestConfiguration.Headers.Add("ocp-client-name", "My Friendly Client");
	requestConfiguration.Headers.Add("ocp-client-version", "1.2");
});

JavaScript

Get bitlockerRecoveryKey

View official example on Microsoft Learn

const options = {
	authProvider,
};

const client = Client.init(options);

let bitlockerRecoveryKey = await client.api('/informationProtection/bitlocker/recoveryKeys/b465e4e8-e4e8-b465-e8e4-65b4e8e465b4')
	.header('User-Agent','Dsreg/10.0')
	.header('ocp-client-name','My Friendly Client')
	.header('ocp-client-version','1.2')
	.get();

PowerShell

Get bitlockerRecoveryKey

View official example on Microsoft Learn

Import-Module Microsoft.Graph.Identity.SignIns

Get-MgInformationProtectionBitlockerRecoveryKey -BitlockerRecoveryKeyId $bitlockerRecoveryKeyId

Python

Get bitlockerRecoveryKey

View official example on Microsoft Learn

# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.information_protection.bitlocker.recovery_keys.item.bitlocker_recovery_key_item_request_builder import BitlockerRecoveryKeyItemRequestBuilder
from kiota_abstractions.base_request_configuration import RequestConfiguration
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python

request_configuration = RequestConfiguration()
request_configuration.headers.add("User-Agent", "Dsreg/10.0")
request_configuration.headers.add("ocp-client-name", "My Friendly Client")
request_configuration.headers.add("ocp-client-version", "1.2")

result = await graph_client.information_protection.bitlocker.recovery_keys.by_bitlocker_recovery_key_id('bitlockerRecoveryKey-id').get(request_configuration = request_configuration)

App Registration

1

Navigate to Azure Portal

Go to App registrations in Microsoft Entra admin center

2

Add API Permission

Select your app → API permissions → Add a permission → Microsoft Graph

3

Select Permission Type

Choose Application permissions or delegated permissions and search for BitlockerKey.Read.All

4

Grant Admin Consent

Application permissions always require admin consent.