Fairly new to the Windows world, I am trying to get the Bitlocker keys of a device through the Azure AD API in Python (I am in the case where I store those keys in the AD domain).
My client application is registered in the AD and BitlockerKey.ReadBasic.All and Device.ReadWrite.All are allowed. I can get token access through Graph API, and the device's list. But although Bitlocker keys appear in the web interface at the device level, the following request returns several of the device's fields, but without Bitlocker keys. I wonder what the entry point is.
import requests
# headers carries the bearer token obtained earlier
req = requests.get('https://graph.microsoft.com/v1.0/devices/', headers=headers)
print(req.text)
If I concatenate this URL with a deviceId, I get an error:
{
"error": {
"code": "Request_ResourceNotFound",
"message": "Resource 'XXX' does not exist or one of its queried reference-property objects are not present."

Currently, getting Bitlocker keys of a device is not supported via Microsoft Graph API.
See these two posts on User Voice:
Provide a way to access bitlocker recovery keys programmatically
Query Azure AD Devices BitLocker recovery key via PowerShell
You can vote on the User Voice requests for these suggestions for action by the Azure AD team.
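
Added example, not part of the original question or answer: in Microsoft Graph the path `/devices/{id}` takes the directory object `id`, which is a different value from the `deviceId` property, so a lookup by `deviceId` goes through `$filter` first. The `http_get` callable, the helper names and the sample GUIDs below are assumptions made for this sketch; the GUIDs and the fake responses are constructed.

```python
import uuid
from urllib.parse import quote

GRAPH = "https://graph.microsoft.com/v1.0"

def filter_url(device_id):
    """Build the collection query that matches on the deviceId property."""
    # Parse as a GUID first so no other text can reach the OData filter string.
    guid = str(uuid.UUID(device_id))
    expr = quote("deviceId eq '%s'" % guid)
    return "%s/devices?$filter=%s&$select=id,deviceId,displayName" % (GRAPH, expr)

def resolve_object_id(device_id, http_get):
    """Return the directory object id for a deviceId, or None if not found.

    http_get (assumption): callable taking a URL and returning the decoded
    JSON body, e.g. lambda u: requests.get(u, headers=headers).json()
    """
    wanted = str(uuid.UUID(device_id))
    url = filter_url(device_id)
    while url:
        page = http_get(url)
        if "error" in page:
            raise RuntimeError(page["error"].get("code", "unknown"))
        for dev in page.get("value", []):
            if dev.get("deviceId", "").lower() == wanted:
                return dev["id"]
        url = page.get("@odata.nextLink")  # follow paging until exhausted
    return None

def device_url(object_id):
    """URL of a single device, addressed by its object id."""
    return "%s/devices/%s" % (GRAPH, uuid.UUID(object_id))

# Constructed sample values and a fake transport so the example runs offline.
SAMPLE_DEVICE_ID = "11111111-2222-3333-4444-555555555555"
SAMPLE_OBJECT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
NEXT_LINK = GRAPH + "/devices?$skiptoken=constructed"

def fake_get(url):
    if url == NEXT_LINK:
        return {"value": [{"id": SAMPLE_OBJECT_ID,
                           "deviceId": SAMPLE_DEVICE_ID,
                           "displayName": "LAPTOP-01"}]}
    return {"value": [], "@odata.nextLink": NEXT_LINK}

if __name__ == "__main__":
    oid = resolve_object_id(SAMPLE_DEVICE_ID, fake_get)
    print(device_url(oid))
```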