
@anwather
Last active July 22, 2024 04:44
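function Get-EntraBitLockerKeys {
    <#
    .SYNOPSIS
    Returns the BitLocker recovery keys escrowed in Microsoft Entra ID for a device.

    .DESCRIPTION
    Resolves the device either from -DeviceId or, when no id is given, by looking
    up -DeviceName as the Entra displayName. Every recovery key recorded for each
    matching device is emitted as its own object.

    The emitted RecoveryKey values are plaintext secrets. Keep them out of
    transcripts, CI logs and shared files, and hand them over through a channel
    suited to credentials. Reading a key is recorded in the Entra audit log, so
    bulk retrieval is visible to reviewers.

    .PARAMETER DeviceName
    Display name of the device. Accepts pipeline input by value. Display names
    are not unique in Entra ID, so one name may resolve to several devices.

    .PARAMETER DeviceId
    Entra device id. Takes precedence over -DeviceName when supplied. Accepts
    pipeline input by property name only, so a piped string is never mistaken
    for a device id.

    .OUTPUTS
    PSCustomObject with DeviceName, DeviceId, KeyId and RecoveryKey for each key
    found; otherwise a string saying the device or its keys were not found.
    #>
    [CmdletBinding()]
    param (
        [Parameter(Mandatory = $false, HelpMessage = "Device name to retrieve the BitLocker keys from Microsoft Entra ID", ValueFromPipeline = $true)]
        [string]$DeviceName,

        [Parameter(Mandatory = $false, HelpMessage = "Device Id to retrieve the BitLocker keys from Microsoft Entra ID", ValueFromPipelineByPropertyName = $true)]
        [string]$DeviceId
    )
    Process {
        # A [string] parameter is never $null (unbound means ''), so test for
        # content instead. Resolve into a local so an id found for one pipeline
        # item cannot leak into the next.
        $resolvedIds = @()
        if (-not [string]::IsNullOrWhiteSpace($DeviceId)) {
            $resolvedIds = @($DeviceId)
        }
        elseif (-not [string]::IsNullOrWhiteSpace($DeviceName)) {
            # Double embedded single quotes so the name stays inside the OData
            # string literal and cannot alter the filter expression.
            $nameLiteral = $DeviceName -replace "'", "''"
            $resolvedIds = @(
                Get-MgDevice -Filter "displayName eq '$nameLiteral'" |
                    ForEach-Object { $_.DeviceId } |
                    Where-Object { $_ }
            )
        }

        if ($resolvedIds.Count -eq 0) {
            return "Device $DeviceName not found"
        }

        foreach ($id in $resolvedIds) {
            $idLiteral = $id -replace "'", "''"
            $keyIds = @(
                Get-MgInformationProtectionBitlockerRecoveryKey -Filter "deviceId eq '$idLiteral'" |
                    ForEach-Object { $_.Id } |
                    Where-Object { $_ }
            )

            if ($keyIds.Count -eq 0) {
                "No BitLocker recovery keys found for device $DeviceName"
                continue
            }

            foreach ($keyId in $keyIds) {
                # The list call does not return the key material; it has to be
                # requested per key by selecting the "key" property.
                $recoveryKey = (Get-MgInformationProtectionBitlockerRecoveryKey -BitlockerRecoveryKeyId $keyId -Select "key").key

                # Emit instead of 'return' so devices with several protected
                # volumes yield all of their keys, not just the first.
                [PSCustomObject]@{
                    DeviceName  = $DeviceName
                    DeviceId    = $id
                    KeyId       = $keyId
                    RecoveryKey = $recoveryKey
                }
            }
        }
    }
}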
# One-time setup, if the Graph sub-module is not installed yet:
#   Install-Module Microsoft.Graph.Identity.SignIns -Scope CurrentUser -Force
#   Import-Module Microsoft.Graph.Identity.SignIns

# Sign in requesting only the two read scopes this script uses: one to look up
# devices, one to read the escrowed recovery keys.
Connect-MgGraph -NoWelcome -Scopes 'Device.Read.All', 'BitlockerKey.Read.All'

# Placeholder display names; replace with the devices to look up.
$deviceNameList = "deviceA", "deviceB", "deviceC"

# Results are written to the pipeline; the RecoveryKey values are secrets, so
# mind where this output ends up (console scrollback, transcripts, redirected files).
$deviceNameList | Get-EntraBitLockerKeys