Untitled

a guest
Aug 14th, 2023
```powershell
# Enable BitLocker on the C: drive, then back up the BitLocker recovery key to Active Directory
# or to Azure AD, depending on how the device is joined.
# Review this site to prep AD for recovery keys - https://theitbros.com/config-active-directory-store-bitlocker-recovery-keys/

# Check if BitLocker is already enabled on the C: drive
$bitlockerStatus = Get-BitLockerVolume -MountPoint "C:"

if ($bitlockerStatus.ProtectionStatus -eq 'On') {
    Write-Host "BitLocker is already enabled on C: drive. Exiting script."
    exit
}

# Enable BitLocker on the C: drive with a recovery password protector
Enable-BitLocker -MountPoint "C:" -EncryptionMethod XtsAes128 -UsedSpaceOnly -SkipHardwareTest -RecoveryPasswordProtector

# Add a TPM protector so the OS drive unlocks at boot without the recovery password.
# The original script created only the recovery password protector, which makes every boot
# prompt for the 48-digit recovery password. This assumes the device has a ready TPM.
Add-BitLockerKeyProtector -MountPoint "C:" -TpmProtector

# Collect the ID(s) of the recovery password protector(s). Each ID is backed up separately:
# the original joined an array of IDs into one space-separated string when passing it to manage-bde.
$recoveryIds = (Get-BitLockerVolume -MountPoint "C:").KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
    ForEach-Object { $_.KeyProtectorId }

# If the system is AD domain joined, back up to AD; otherwise back up the recovery key to Azure AD.
# Get-CimInstance replaces the gwmi (Get-WmiObject) alias, which is not available in PowerShell 7.
$isDomainJoined = (Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain

foreach ($id in $recoveryIds) {
    if ($isDomainJoined) {
        manage-bde -protectors -adbackup C: -id $id
    }
    else {
        manage-bde -protectors -aadbackup C: -id $id
    }
}
```
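The script above does not confirm that the escrow actually succeeded, so a device could end up encrypted with no recoverable key. The following post-run check is an added example, not part of the original paste: `Test-BitLockerEscrow` is a hypothetical helper name, and it assumes the BitLocker Management event log records backup success as event 845 and failure as event 846 with the protector GUID in the message text.

```powershell
# Hypothetical helper (not from the original paste): report whether C: is protected and escrowed.
function Test-BitLockerEscrow {
    param([string]$MountPoint = "C:")

    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    $result = [ordered]@{
        MountPoint       = $MountPoint
        VolumeStatus     = $vol.VolumeStatus
        ProtectionStatus = $vol.ProtectionStatus
        EncryptionMethod = $vol.EncryptionMethod
        HasTpmProtector  = [bool]($vol.KeyProtector | Where-Object KeyProtectorType -eq 'Tpm')
        RecoveryIds      = @($vol.KeyProtector |
                             Where-Object KeyProtectorType -eq 'RecoveryPassword' |
                             ForEach-Object KeyProtectorId)
        BackedUpIds      = @()
        FailedBackups    = @()
    }

    # Assumption: event 845 = recovery info backed up successfully (AD DS or Azure AD),
    # event 846 = backup failed; both name the protector GUID in their message.
    $events = Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-BitLocker/BitLocker Management'
        Id      = 845, 846
    } -ErrorAction SilentlyContinue

    foreach ($id in $result.RecoveryIds) {
        $hits = @($events | Where-Object { $_.Message -like "*$id*" })
        if ($hits | Where-Object Id -eq 845)     { $result.BackedUpIds   += $id }
        elseif ($hits | Where-Object Id -eq 846) { $result.FailedBackups += $id }
    }

    # Compliant only when protection is on, a TPM protector exists, and every
    # recovery password protector has a logged successful backup.
    $result.Compliant = ($result.ProtectionStatus -eq 'On') -and
                        $result.HasTpmProtector -and
                        ($result.RecoveryIds.Count -gt 0) -and
                        ($result.BackedUpIds.Count -eq $result.RecoveryIds.Count)
    [pscustomobject]$result
}

Test-BitLockerEscrow -MountPoint "C:" | Format-List
```

Run it elevated after the enrollment script; a volume with recovery IDs but an empty `BackedUpIds` list should be treated as unescrowed and retried rather than reported as compliant.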