# Enable Bitlocker on C: Drive then Backup Bitlocker Recovery Key to Azure for Devices Joined to Azure Active Directory.
# Created by TechCentre with the help and assistance of the internet.
# Review this site to prep AD for Recovery Keys - https://theitbros.com/config-active-directory-store-bitlocker-recovery-keys/
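#Enable Bitlocker on C: Drive
# Single mount point used by every step below, so the volume that is encrypted,
# the protector that is read and the volume passed to manage-bde are the same drive.
$MountPoint = "C:"

$volume = Get-BitLockerVolume -MountPoint $MountPoint
if ($volume.VolumeStatus -eq 'FullyDecrypted') {
    # -UsedSpaceOnly encrypts only allocated clusters: faster, but anything deleted
    # before this ran stays readable in free space. Drop it for drives that already
    # held data. -SkipHardwareTest starts encryption without the reboot/TPM check.
    Enable-BitLocker -MountPoint $MountPoint -EncryptionMethod XtsAes128 -UsedSpaceOnly -SkipHardwareTest -RecoveryPasswordProtector
}
else {
    # Drive is already encrypted (or in progress): do not re-run Enable-BitLocker,
    # just make sure a recovery password exists so there is something to escrow.
    $hasRecovery = $volume.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
    if (-not $hasRecovery) {
        Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector
    }
}

#Backup Bitlocker Recovery Key to AD or AAD depending on if system is Azure / AD joined.
# Collect every RecoveryPassword protector rather than keeping only the last one.
$recoveryProtectors = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }

if (-not $recoveryProtectors) {
    # Without an escrowed recovery password the drive cannot be recovered if the
    # TPM/PIN path fails, so treat this as a hard failure for the calling agent.
    Write-Error "No RecoveryPassword protector found on $MountPoint; nothing to back up."
    exit 1
}

# Checks to see if system is domain joined - If AD Joined backs up to AD otherwise Backs up Recovery key to AAD.
$domainJoined = (Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain -eq $true

foreach ($protector in $recoveryProtectors) {
    # Only the protector ID is passed on the command line; the recovery password
    # itself is never printed or logged by this script.
    $key = "$($protector.KeyProtectorId)"
    if ($domainJoined) {
        Manage-BDE -Protectors -ADBackup $MountPoint -ID "$key"
    }
    else {
        Manage-BDE -Protectors -AADBackup $MountPoint -ID "$key"
    }
    # manage-bde is an external executable: a failed backup does not throw, so the
    # exit code is the only signal that the key was not escrowed.
    if ($LASTEXITCODE -ne 0) {
        Write-Error "manage-bde backup of protector $key failed with exit code $LASTEXITCODE"
        exit $LASTEXITCODE
    }
}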
Script data
Language - PowerShell
Run as - System / Root User
Script timeout duration - 120 Mins