Allow programmatic access of BitLocker recovery keys
Currently it is possible (if you have permission) to view BitLocker recovery keys on the "Device" page of the Azure Active Directory portal.
It is also possible to view Device information through the API or through Microsoft Graph, but this does not include the BitLocker recovery information.
A programmatic way to view this data would be incredibly useful for creating a secure backup of the recovery keys.
Another use case, which is what I was hoping to achieve, is to have users in the field encrypt data with their BitLocker key and then send a CD containing the encrypted data back to the main office, where it needs to be decrypted and added to our systems. This is not possible unless the upload system in our main office has programmatic access to the recovery keys.
Work has started and this should be available in public preview in Q3 2019.
Need to be able to delegate the retrieval of BitLocker keys by someone other than Global Admin or other elevated Service level admin. Delegation of key retrieval needs to be at the security group level with groups of Users or groups of Devices.