Remediating the Crowdstrike incident requires affected Windows devices to be placed in Recovery Mode. If devices are encrypted with BitLocker, you'll need the BitLocker Recovery Key to gain access to Recovery Mode. This article shows you how to retrieve BitLocker Recovery Keys from Windows devices that have the JumpCloud BitLocker Policy applied. If you experience issues retrieving BitLocker Recovery Keys, please Contact JumpCloud Support for assistance.
JumpCloud can only retrieve Recovery Keys from Windows devices that have the BitLocker policy applied. If devices encounter additional issues after they’re decrypted using the key, JumpCloud cannot provide additional assistance as the JumpCloud Agent doesn’t run in Safe Mode. For help restoring devices, refer to Crowdstrike’s Remediation and Guidance Hub: Falcon Content Update for Windows Hosts.
Retrieving BitLocker Recovery Keys
You can view BitLocker Recovery Keys from both the Devices and Policy Management areas in the Admin Portal. You can obtain the recovery key for a single device, or multiple devices.
From the Device List
- Log in to the JumpCloud Admin Portal.
- Go to DEVICE MANAGEMENT > Devices and click the Devices tab.
- In the Devices list, locate the target device.
- In the rightmost column, click the Actions menu.
- From the dropdown, select Recovery Key.
- The Recovery Key modal displays with the device’s recovery key.
From Policy Management
- Log in to the JumpCloud Admin Portal.
- Go to DEVICE MANAGEMENT > Policy Management.
- In the Policy list, locate the Bitlocker Full Disk Encryption Policy and click to open it.
The exact name of the BitLocker policy may differ if you customized it.
- Select the Devices tab and locate the target devices in the list.
- In the RECOVERY KEY column, click view key.
- The Recovery Key modal displays with the device’s recovery key.