Question
What is the process to obtain a recovery key for University device that is using BitLocker Drive Encryption?
Overview
Microsoft BitLocker Administration and Monitoring (MBAM) allows organizations to encrypt devices using BitLocker Drive Encryption (BDE) and access the recovery keys when needed. In some circumstances, the device's hard drive may become locked if changes are performed to the device - such as updating the BIOS, moving the encrypted hard drive into a different PC, or replacing certain system components. To unlock the drive and access the Operating System, a recovery key will be needed.
With MBAM, ITS is able to manage and access the recovery keys of devices as needed. However, users are also able to access the Self Service portal to retrieve their keys as well.
Process
Getting a recovery key is only necessary if the drive is encrypted and displaying the following screen.
In order to access the Self Service portal (https://mbam.umd.umich.edu), you will need to be on campus using the campus network OR connected via VPN.
1. Go to https://mbam.umd.umich.edu with another device (a different PC or a smart-phone) and sign in with your Uniqname and Kerberos password.
2. Accept the notice provided.
3. Enter the Recover ID that was displayed on your device's screen. The reason should be what best applies to your drive locking - BIOS/TPM changed, OS Files Modified, or Lost PIN/Passphrase.
4. Enter the BitLocker Recovery Key provided from the MBAM site into the BitLocker Recovery screen for the locked drive. This will allow access to your device's hard drive and allow you to boot into Windows. The MBAM client will change the recovery key after 90 minutes.
Service Desk Technicians use the following link instead: https://umd-mbam.adsroot.itcs.umich.edu/servicedesk/KeyRecoveryPage.aspx