When you Azure AD join your device and activate Bitlocker, you get the option to store the Recovery Key in Azure AD.
If you ever wonder where to find them, they are all available from the Details Window for your registered devices in the Azure AD Management Portal.
A few easy steps to get there
- Open Azure AD in the Management Portal
- Open the Users tab and search/browse for the account you need to find recovery key for, then open it.
- Go to the Devices tab, and in the View box, select Devices.
- Select the affected device, and click View Details.
All registered keys should be visible
Had a case this other day where we where unable to get a unique identifier from the different source systems, and all of these where to enter the same Windows AD.
We have multiple countries with the same HR system each (Same system, but different databases). In all countries’ databases, the employee number stated on 10001. To solve this, we chose to prefix the employee number upon import. This isn’t a big deal, but it’s a bit more tricky when we need to make sure that a join is successful.
Not that tricky, but it takes time if you don’t know where to start, right?
As we have chosen to use Employee ID as the linked attribute, we decided to use this attribute for joining also. Why make it more complicated than we need to?
To begin, create a Management Agent Extension, and add the following Join rules there
void IMASynchronization.MapAttributesForJoin(string FlowRuleName, CSEntry csentry, ref ValueCollection values)
if ((csentry["employeeID"] != null) || (csentry["employeeID"].StringValue != ""))
String emloyeeIdWithPrefix = "NO" + csentry["employeeID"].StringValue;
throw new Exception(String.Format("EmployeeID can't be blank!"));
throw new EntryPointNotImplementedException();
Then configure the following join rules on the Management Agent
|Data Source Object Type
||Metaverse Object Type
|Data Source Attribute
||Rules Extension – JoinEmployeeID
||See join extension rule
|Use rules extension to resolve
Thanks, and hope this could help someone else also 🙂