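function Backup-BitLockerKeyToAAD {
    <#
    .SYNOPSIS
    Used to backup BitLocker recovery key to Azure Active Directory (AAD).
    .DESCRIPTION
    Script retrieves the BitLocker volumes of the local computer and, for every
    RecoveryPassword key protector found, attempts to backup that protector to Azure
    Active Directory. Volumes are handled independently: a failure on one volume is
    reported and the remaining volumes are still processed. A volume that has no
    RecoveryPassword protector is reported as a warning, since nothing can be escrowed
    for it. Only key protector IDs are handled and logged; the recovery password itself
    is never read or written to the console.
    .NOTES
    Run this script as an administrator. Requires the BitLocker PowerShell module
    (Get-BitLockerVolume, BackupToAAD-BitLockerKeyProtector).
    .OUTPUTS
    None. Progress, results and a per-volume summary are written to the host.
    #>
    [CmdletBinding()]
    param (
    )
    Begin {
        Write-Host "Starting BitLocker Key Backup process to Azure AD." -ForegroundColor Cyan
        # Initialised here so End always has a value, even if Process stops early.
        $driveInfoString = ''
    }
    Process {
        $volumeInfoList = New-Object System.Collections.Generic.List[string]
        try {
            # Get BitLocker volumes; -ErrorAction Stop makes a cmdlet error catchable.
            $BitLockerVolumes = Get-BitLockerVolume -ErrorAction Stop
        }
        catch {
            Write-Host "Failed to backup BitLocker Key to Azure AD: $_" -ForegroundColor Red
            return
        }
        foreach ($BitLockerVolume in $BitLockerVolumes) {
            # Summarise the volume. Every protector type is listed (joined by '/'),
            # not only the first one, so a missing RecoveryPassword protector is visible.
            $protectorTypes = @($BitLockerVolume.KeyProtector | ForEach-Object { $_.KeyProtectorType }) -join '/'
            $volumeInfoList.Add("Volume Type: $($BitLockerVolume.VolumeType), Mount Point: $($BitLockerVolume.MountPoint), Volume Status: $($BitLockerVolume.VolumeStatus), Encryption Percentage: $($BitLockerVolume.EncryptionPercentage), KeyProtector Type: $protectorTypes")

            # Get KeyProtector IDs for the RecoveryPassword protectors of this volume.
            $KeyProtectorIds = @($BitLockerVolume.KeyProtector |
                Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
                Select-Object -ExpandProperty KeyProtectorID)
            if ($KeyProtectorIds.Count -eq 0) {
                # Nothing to escrow: without a RecoveryPassword protector the volume
                # cannot be recovered from Azure AD, so do not skip it silently.
                Write-Warning "No RecoveryPassword key protector found on volume $($BitLockerVolume.MountPoint); nothing was backed up to Azure AD."
                continue
            }
            foreach ($KeyProtectorId in $KeyProtectorIds) {
                try {
                    # -ErrorAction Stop: a non-terminating error from the cmdlet must not be
                    # followed by the success message below.
                    BackupToAAD-BitLockerKeyProtector -MountPoint $BitLockerVolume.MountPoint -KeyProtectorId $KeyProtectorId -ErrorAction Stop
                    Write-Host "Successfully backed up BitLocker Key for volume $($BitLockerVolume.MountPoint) to Azure AD." -ForegroundColor Green
                }
                catch {
                    # Report and carry on with the next protector / volume.
                    Write-Host "Failed to backup BitLocker Key to Azure AD: $_" -ForegroundColor Red
                }
            }
        }
        # Output all drive info as a single string, with each drive separated by a dot
        $driveInfoString = $volumeInfoList -join '. '
    }
    End {
        Write-Host "`n`n"
        Write-Host "BitLocker Key Backup process to Azure AD completed." -ForegroundColor Cyan
        Write-Host $driveInfoString
    }
}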
# Leave two blank lines before the function's own output, then run the backup.
Write-Host ("`n" * 2)
& Backup-BitLockerKeyToAAD