{"id":10872,"date":"2018-10-30T11:20:33","date_gmt":"2018-10-30T18:20:33","guid":{"rendered":"https:\/\/www.microsoft.com\/insidetrack\/blog\/?p=10872"},"modified":"2023-06-15T15:33:48","modified_gmt":"2023-06-15T22:33:48","slug":"self-service-bitlocker-recovery-key-tools-enhance-security-and-reduce-costs","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/insidetrack\/blog\/self-service-bitlocker-recovery-key-tools-enhance-security-and-reduce-costs\/","title":{"rendered":"Self-service BitLocker recovery key tools enhance security and reduce costs"},"content":{"rendered":"<div class=\"m-alert f-error\" role=\"alert\">\n<div>\n<div class=\"c-glyph glyph-incident-triangle\" aria-label=\"Error message\"><\/div>\n<p class=\"c-paragraph\">This content has been archived, and while it was correct at time of publication, it may no longer be accurate or reflect the current situation at Microsoft.<\/p>\n<\/div>\n<\/div>\n<p>To get a BitLocker recovery key, Microsoft employees were spending up to an hour with Helpdesk. Microsoft Digital created a self-service portal that reduced Helpdesk calls\u2014but remote staff couldn\u2019t access it without a corporate network connection. To help our remote employees, we created a companion web app using Azure Active Directory Application Proxy. It extends the portal to any Internet-enabled phone or device. Now all employees can retrieve a single-use BitLocker recovery key in just a few minutes.<\/p>\n<p>Microsoft Digital uses BitLocker\u2014the Windows operating system disk encryption and data protection feature\u2014for both hardware enforcement and data protection. If a security condition is detected, BitLocker locks the operating system drive and requires a unique BitLocker recovery key to unlock it. The feature helps protect not only data, but also personal information and access to corporate networks.<\/p>\n<p>Outside of a theft scenario, there are a variety of reasons that a BitLocker recovery key might be needed. They include hardware issues, operating system upgrades, or failed BIOS updates. In all of these situations, you can\u2019t use your computer without a BitLocker recovery key.<\/p>\n<p>Previously, if our employees didn\u2019t know their BitLocker recovery key, they would have to call Helpdesk. These calls typically lasted about an hour, resulted in lost productivity, and tied up the Helpdesk technician. The employee would have to authenticate themselves to Helpdesk and the Helpdesk technician would recover the key on the employee\u2019s behalf.<\/p>\n<p>Our employees needed to be able to access their own BitLocker recovery key without the hassle of calling Helpdesk. We used Microsoft BitLocker Administration and Monitoring (MBAM), which provides enterprise management capabilities for BitLocker, to create a self-service BitLocker recovery key portal. Figure 1 shows the portal.<\/p>\n<figure id=\"attachment_10875\" aria-describedby=\"caption-attachment-10875\" style=\"width: 646px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-10875 size-full\" src=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/3888_image001.jpg\" alt=\"A screen shot of the BitLocker recovery key portal.\" width=\"646\" height=\"530\" srcset=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/3888_image001.jpg 646w, https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/3888_image001-300x246.jpg 300w\" sizes=\"(max-width: 646px) 100vw, 646px\" \/><figcaption id=\"caption-attachment-10875\" class=\"wp-caption-text\">Figure 1. The BitLocker recovery key portal<\/figcaption><\/figure>\n<p>Unlike the hassle of calling Helpdesk, the portal process is quick\u2014typically five minutes\u2014but it does require corporate connectivity. Because most Microsoft devices connect to on-premises Active Directory, the portal must also reside on\u2011premises or in a private cloud.<\/p>\n<h2>Remote solution needed<\/h2>\n<p>Even with the portal in place, it was still challenging for some of our remote workers. For example, a field-based sales employee might stay at a hotel where they couldn\u2019t use a VPN or Direct Access connection to reach the corporate network. Typically armed with just their laptop and their phone, productivity effectively ground to a halt. They had to use valuable time to call Helpdesk, verify their identity and credentials, and work with the Helpdesk technician to access the recovery key on their behalf.<\/p>\n<p>Over time, BitLocker recovery key calls consumed a lot of Helpdesk tickets and resource bandwidth. In fact, BitLocker recovery key call requests became the second most common type of call! Helpdesk always had to be staffed and prepared to support our employees, globally. Also, to obtain a BitLocker recovery key for an employee, the Helpdesk representative would have access to the employee\u2019s recovery key information. This created a security risk because someone other than the employee had access to their recovery key.<\/p>\n<p>We wanted to lower the number of calls to Helpdesk, while also reducing security risks. The challenge was to extend the on-premises portal to our remote employees so that they could use the BitLocker recovery key portal without corporate network connectivity.<\/p>\n<h2>Creating a companion web app<\/h2>\n<p>We knew that the solution needed to extend the MBAM self-service portal to any device with Internet access, such as a phone. To do this, we used Azure Active Directory Application Proxy (Azure AD Application Proxy) to publish a token conversion web app.<\/p>\n<p>Azure AD Application Proxy helps bridge the gap between apps that were designed for on-premises environments that companies might want to move to the cloud. It also lets companies continue to use apps that simply can\u2019t move to the public cloud. Azure AD Application Proxy uses our existing recovery key portal in the cloud\u2014without having to extensively rewrite code.<\/p>\n<h2>How it works<\/h2>\n<p>The web app allows our employees to authenticate from a phone or any other mobile device that can access the Internet. They simply navigate to a web address, and then easily access their BitLocker recovery key without having to call Helpdesk.<\/p>\n<p>The web app follows a series of steps to generate a recovery key.<\/p>\n<ol class=\"c-list\">\n<li>The web app redirects to Azure Active Directory for identity authentication.<\/li>\n<li>After successful authentication, a token is generated.<\/li>\n<li>Principal name and service principal name properties are extracted from the token and provided to the Application Proxy Connector.<\/li>\n<li>The Application Proxy Connector, using Kerberos-constrained delegation, requests a Kerberos token on the employee\u2019s behalf.<\/li>\n<li>The Kerberos verification ticket is retrieved from Active Directory.<\/li>\n<li>The verification ticket is sent back to the Application Proxy Connector, where it is verified.<\/li>\n<li>A response is sent to the employee, through the Azure AD Application Proxy.<\/li>\n<\/ol>\n<p>Figure 2 shows the process.<\/p>\n<figure id=\"attachment_10876\" aria-describedby=\"caption-attachment-10876\" style=\"width: 624px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-10876 size-full\" src=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/388_image002.png\" alt=\"This graphic shows the token conversion process, where a user authenticates their identity to Active Directory.\" width=\"624\" height=\"188\" srcset=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/388_image002.png 624w, https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/388_image002-300x90.png 300w\" sizes=\"(max-width: 624px) 100vw, 624px\" \/><figcaption id=\"caption-attachment-10876\" class=\"wp-caption-text\">Figure 2. The token conversion web app process<\/figcaption><\/figure>\n<h2>Developing the solution quickly<\/h2>\n<p>Creating the web app companion to the portal was very straightforward. Because the BitLocker recovery key portal already existed, much of the work on the web app involved changes to existing Active Directory and Azure services, and making sure that the services could communicate with each other.<\/p>\n<p>In just about a week, the web app owner was able to perform replication and testing tasks. After standard user acceptance testing was completed, minor server modifications were made. Overall, the solution was much simpler and required far fewer resources than those of older web publishing technologies.<\/p>\n<p>We aggressively continue our digital transformation to the cloud. We want to code directly for the cloud, and we want our employees to authenticate directly to Azure AD. However, in this scenario, we had very specific needs. We wanted to support our remote personnel and their productivity while lowering Helpdesk costs at the same time. We were able to quickly create a solution with Azure AD Application Proxy and keep our remote employees productive and secure.<\/p>\n<p><i>NOTE<\/i>:\u00a0<i>Azure AD Application Proxy and its extensive publishing functionality is available in the Basic and Premium editions of Azure Active Directory.<\/i><\/p>\n<h2>Improving the user experience<\/h2>\n<p>It\u2019s easy for our remote employees to use the web app from an Internet-enabled phone, tablet, or another mobile device. They simply use a browser to navigate from the web app to the recovery key portal. To help ensure security, they\u2019re prompted for multi-factor authentication. If the employee happens to be using another app in Azure, such as the Office 365 portal, their existing token will be used for the portal, and they do not have to sign in again.<\/p>\n<p>Using the web app, it takes about five minutes for the employee to generate their BitLocker recovery key. This compares to the hour it took when they had to call Helpdesk.<\/p>\n<h2>Benefits<\/h2>\n<p>Our BitLocker recovery key solutions\u2014the portal and web app\u2014provide substantial productivity, resource, and security benefits. The tools get our employees back to a productive state, faster. An hour-long call has been replaced with a simple five-minute, self-service procedure.<\/p>\n<p>The portal and web app free our Helpdesk resources for other tasks. For example, BitLocker-related Helpdesk calls were reduced by 20 percent shortly after the portal was released.<\/p>\n<p>The solutions enhance security in a variety of ways. They minimize the number of transactions that a BitLocker recovery key must pass through. With the portal and the web app, only the employee interacts with their confidential recovery\u00a0data.<\/p>\n<p>Also, because our portal and web app were created with MBAM, a BitLocker recovery key is only good for a single use. If the employee needs a recovery key, a new key is generated and never used again.<\/p>\n<p>We used to recommend that employees keep an extra copy of their BitLocker recovery key, in the form of a printout or saved to a USB drive, for safekeeping. In addition to the obvious issue\u2014employees must remember where they hid the key\u2014compromising one of these copies is a real risk. With our MBAM portal and web app in place, there is no reason for employees to create extra copies of their BitLocker recovery key for safekeeping because the key will never be used again. In a native BitLocker scenario, a recovery key can be used more than once. The recovery key is valid until BitLocker is disabled and then re\u2011encrypted.<\/p>\n<h2>Conclusion<\/h2>\n<p>BitLocker is an essential protection mechanism for Microsoft and is applied to all our corporate assets. Our BitLocker recovery key solutions, enabled with MBAM, have evolved to a secure, fast, and efficient self-service portal and companion web app. The solutions save our employees time and increase their productivity, allow more strategic deployment of Helpdesk resources, and enhance security.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This content has been archived, and while it was correct at time of publication, it may no longer be accurate or reflect the current situation at Microsoft. To get a BitLocker recovery key, Microsoft employees were spending up to an hour with Helpdesk. Microsoft Digital created a self-service portal that reduced Helpdesk calls\u2014but remote staff [&hellip;]<\/p>\n","protected":false},"author":146,"featured_media":10874,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"_hide_featured_on_single":false,"_show_featured_caption_on_single":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false},"version":2}},"categories":[1],"tags":[],"coauthors":[674],"class_list":["post-10872","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","m-blog-post"],"jetpack_publicize_connections":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.7 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Self-service BitLocker recovery key tools enhance security and reduce costs - Inside Track Blog<\/title>\n<meta name=\"description\" content=\"To get a BitLocker recovery key, Microsoft employees were spending up to an hour with Helpdesk. Microsoft Digital created a self-service portal that reduced Helpdesk calls\u2014but remote staff couldn\u2019t access it without a corporate network connection. To help our remote employees, we created a companion web app using Azure Active Directory Application Proxy. It extends the portal to any Internet-enabled phone or device. Now all employees can retrieve a single-use BitLocker recovery key in just a few minutes.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/self-service-bitlocker-recovery-key-tools-enhance-security-and-reduce-costs\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Self-service BitLocker recovery key tools enhance security and reduce costs - Inside Track Blog\" \/>\n<meta property=\"og:description\" content=\"To get a BitLocker recovery key, Microsoft employees were spending up to an hour with Helpdesk. Microsoft Digital created a self-service portal that reduced Helpdesk calls\u2014but remote staff couldn\u2019t access it without a corporate network connection. To help our remote employees, we created a companion web app using Azure Active Directory Application Proxy. It extends the portal to any Internet-enabled phone or device. Now all employees can retrieve a single-use BitLocker recovery key in just a few minutes.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/self-service-bitlocker-recovery-key-tools-enhance-security-and-reduce-costs\/\" \/>\n<meta property=\"og:site_name\" content=\"Inside Track Blog\" \/>\n<meta property=\"article:published_time\" content=\"2018-10-30T18:20:33+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-06-15T22:33:48+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/3888_hero.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1040\" \/>\n\t<meta property=\"og:image:height\" content=\"585\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Inside Track \u2013 retired stories\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Inside Track \u2013 retired stories\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/self-service-bitlocker-recovery-key-tools-enhance-security-and-reduce-costs\/\",\"url\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/self-service-bitlocker-recovery-key-tools-enhance-security-and-reduce-costs\/\",\"name\":\"Self-service BitLocker recovery key tools enhance security and reduce costs - Inside Track Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/self-service-bitlocker-recovery-key-tools-enhance-security-and-reduce-costs\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/self-service-bitlocker-recovery-key-tools-enhance-security-and-reduce-costs\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/3888_hero.jpg\",\"datePublished\":\"2018-10-30T18:20:33+00:00\",\"dateModified\":\"2023-06-15T22:33:48+00:00\",\"author\":{\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/#\/schema\/person\/59e5f7b07dae629412c990cc1a63b575\"},\"description\":\"To get a BitLocker recovery key, Microsoft employees were spending up to an hour with Helpdesk. Microsoft Digital created a self-service portal that reduced Helpdesk calls\u2014but remote staff couldn\u2019t access it without a corporate network connection. To help our remote employees, we created a companion web app using Azure Active Directory Application Proxy. It extends the portal to any Internet-enabled phone or device. Now all employees can retrieve a single-use BitLocker recovery key in just a few minutes.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/self-service-bitlocker-recovery-key-tools-enhance-security-and-reduce-costs\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.microsoft.com\/insidetrack\/blog\/self-service-bitlocker-recovery-key-tools-enhance-security-and-reduce-costs\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/self-service-bitlocker-recovery-key-tools-enhance-security-and-reduce-costs\/#primaryimage\",\"url\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/3888_hero.jpg\",\"contentUrl\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/3888_hero.jpg\",\"width\":1040,\"height\":585,\"caption\":\"Bearded male developer with glasses and over-ear headphones sitting in animal print bean bag chair using laptop. He is casually dressed in a zip-up hoodie, tee shirt and shorts. Nerf gun, duct tape, and water dispenser visible on shelf in background.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/self-service-bitlocker-recovery-key-tools-enhance-security-and-reduce-costs\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Self-service BitLocker recovery key tools enhance security and reduce costs\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/#website\",\"url\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/\",\"name\":\"Inside Track Blog\",\"description\":\"How Microsoft does IT\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/#\/schema\/person\/59e5f7b07dae629412c990cc1a63b575\",\"name\":\"Inside Track \u2013 retired stories\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/#\/schema\/person\/image\/ee0de87c339052d5d84852473bd7f213\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/24a8c329ab32afd1bc23fd1658d1acc2?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/24a8c329ab32afd1bc23fd1658d1acc2?s=96&d=mm&r=g\",\"caption\":\"Inside Track \u2013 retired stories\"},\"description\":\"The content on this page was crafted to highlight a specific moment in time or the solutions that have led us to where we are today. It offers valuable insights into our journey and the progress made over the years. Check out the Inside Track blog page for our up-to-date stories around Microsoft.\",\"url\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/author\/insidetrackarchive\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Self-service BitLocker recovery key tools enhance security and reduce costs - Inside Track Blog","description":"To get a BitLocker recovery key, Microsoft employees were spending up to an hour with Helpdesk. Microsoft Digital created a self-service portal that reduced Helpdesk calls\u2014but remote staff couldn\u2019t access it without a corporate network connection. To help our remote employees, we created a companion web app using Azure Active Directory Application Proxy. It extends the portal to any Internet-enabled phone or device. Now all employees can retrieve a single-use BitLocker recovery key in just a few minutes.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.microsoft.com\/insidetrack\/blog\/self-service-bitlocker-recovery-key-tools-enhance-security-and-reduce-costs\/","og_locale":"en_US","og_type":"article","og_title":"Self-service BitLocker recovery key tools enhance security and reduce costs - Inside Track Blog","og_description":"To get a BitLocker recovery key, Microsoft employees were spending up to an hour with Helpdesk. Microsoft Digital created a self-service portal that reduced Helpdesk calls\u2014but remote staff couldn\u2019t access it without a corporate network connection. To help our remote employees, we created a companion web app using Azure Active Directory Application Proxy. It extends the portal to any Internet-enabled phone or device. Now all employees can retrieve a single-use BitLocker recovery key in just a few minutes.","og_url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/self-service-bitlocker-recovery-key-tools-enhance-security-and-reduce-costs\/","og_site_name":"Inside Track Blog","article_published_time":"2018-10-30T18:20:33+00:00","article_modified_time":"2023-06-15T22:33:48+00:00","og_image":[{"width":1040,"height":585,"url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/3888_hero.jpg","type":"image\/jpeg"}],"author":"Inside Track \u2013 retired stories","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Inside Track \u2013 retired stories","Est. reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/self-service-bitlocker-recovery-key-tools-enhance-security-and-reduce-costs\/","url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/self-service-bitlocker-recovery-key-tools-enhance-security-and-reduce-costs\/","name":"Self-service BitLocker recovery key tools enhance security and reduce costs - Inside Track Blog","isPartOf":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/self-service-bitlocker-recovery-key-tools-enhance-security-and-reduce-costs\/#primaryimage"},"image":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/self-service-bitlocker-recovery-key-tools-enhance-security-and-reduce-costs\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/3888_hero.jpg","datePublished":"2018-10-30T18:20:33+00:00","dateModified":"2023-06-15T22:33:48+00:00","author":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/#\/schema\/person\/59e5f7b07dae629412c990cc1a63b575"},"description":"To get a BitLocker recovery key, Microsoft employees were spending up to an hour with Helpdesk. Microsoft Digital created a self-service portal that reduced Helpdesk calls\u2014but remote staff couldn\u2019t access it without a corporate network connection. To help our remote employees, we created a companion web app using Azure Active Directory Application Proxy. It extends the portal to any Internet-enabled phone or device. Now all employees can retrieve a single-use BitLocker recovery key in just a few minutes.","breadcrumb":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/self-service-bitlocker-recovery-key-tools-enhance-security-and-reduce-costs\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.microsoft.com\/insidetrack\/blog\/self-service-bitlocker-recovery-key-tools-enhance-security-and-reduce-costs\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/self-service-bitlocker-recovery-key-tools-enhance-security-and-reduce-costs\/#primaryimage","url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/3888_hero.jpg","contentUrl":"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/3888_hero.jpg","width":1040,"height":585,"caption":"Bearded male developer with glasses and over-ear headphones sitting in animal print bean bag chair using laptop. He is casually dressed in a zip-up hoodie, tee shirt and shorts. Nerf gun, duct tape, and water dispenser visible on shelf in background."},{"@type":"BreadcrumbList","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/self-service-bitlocker-recovery-key-tools-enhance-security-and-reduce-costs\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.microsoft.com\/insidetrack\/blog\/"},{"@type":"ListItem","position":2,"name":"Self-service BitLocker recovery key tools enhance security and reduce costs"}]},{"@type":"WebSite","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/#website","url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/","name":"Inside Track Blog","description":"How Microsoft does IT","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.microsoft.com\/insidetrack\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/#\/schema\/person\/59e5f7b07dae629412c990cc1a63b575","name":"Inside Track \u2013 retired stories","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/#\/schema\/person\/image\/ee0de87c339052d5d84852473bd7f213","url":"https:\/\/secure.gravatar.com\/avatar\/24a8c329ab32afd1bc23fd1658d1acc2?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/24a8c329ab32afd1bc23fd1658d1acc2?s=96&d=mm&r=g","caption":"Inside Track \u2013 retired stories"},"description":"The content on this page was crafted to highlight a specific moment in time or the solutions that have led us to where we are today. It offers valuable insights into our journey and the progress made over the years. Check out the Inside Track blog page for our up-to-date stories around Microsoft.","url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/author\/insidetrackarchive\/"}]}},"jetpack_featured_media_url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2023\/05\/3888_hero.jpg","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p9hcZA-2Pm","_links":{"self":[{"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/posts\/10872"}],"collection":[{"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/users\/146"}],"replies":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/comments?post=10872"}],"version-history":[{"count":1,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/posts\/10872\/revisions"}],"predecessor-version":[{"id":10877,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/posts\/10872\/revisions\/10877"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/media\/10874"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/media?parent=10872"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/categories?post=10872"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/tags?post=10872"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/coauthors?post=10872"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}