Bitlocker key rotation with Power Apps and Power Automate

I’m feeling extra inspired this month so I’m plublishing another post.  If you missed the previous post about barcode scanning it can be found here:

The topic for this post is about rotating Bitlocker keys either by device or in bulk. This is an ask we receive quite often and currently can be initiated programmatically utilizing Microsoft Graph, however let’s take it a step further by utilizing Power Apps and Power Automate rotate Bitlocker keys.

Let’s get started!


  • Microsoft Intune
  • Microsoft Graph
  • Microsoft Power Apps (optional)
  • Microsoft Power Automate

Service Desk Power App update (based on previous post)

I published a service desk Power App back in September 2020 and for detail please visit: MEM custom service desk portal with Power Apps and Power Automate – Mobility, Management, & Security (

I updated it with a Bitlocker key rotation feature where it calls a new Power Automate flow to rotate the Bitlocker key for a selected device.

The flow to rotate the Bitlocker key for a selected device is extremely simple. The trigger is PowerApps and the HTTP call uses the device ID attribute from the selected device in the Service Desk Power App.

Reference the previous blog post on how to build the Service Desk app in Power Apps and add the “Rotate Bitlocker key” element to the app as shown below:

For the OnSelect property for the circular arrow add the following:


Bulk Bitlocker key rotation or on a schedule

To rotate Bitlocker keys for devices in bulk, create the following Power Automate.

For the trigger either use a manual or recurrence trigger if you’d like to schedule Bitlocker key rotations.

We then need to query only Windows devices using HTTP action. Add the following to the URI:$select=deviceName,id,operatingSystem&$filter=startsWith(operatingSystem,'Windows')

To rotate the Bitlocker keys use the value from Parse JSON action and cycle through each device by using Apply to each with an HTTP action. For the HTTP action the method is POST and utilize the following for the URI:{items('Apply_to_each')?['id']}/rotateBitLockerKeys

Note: “id” is the deviceID from the Parse JSON action.


That’s it! We updated the service desk Power App with an action to rotate the Bitlocker key for a particular device and walked through Bitlocker key rotation in bulk utilizing Power Automate.

For the month of May we’ll dive into Power Automate Desktop (PAD) and do some creative things, stay tuned!


Bitlocker key management FAQ: BitLocker Key Management FAQ (Windows 10) – Microsoft 365 Security | Microsoft Docs

Author: Courtenay Bernier

Courtenay is a technology professional with expertise in aligning traditional software and cloud services to strategic business initiatives. He has over 20 years of experience in the technology field as well as industry experience working with distribution centers, call centers, manufacturing, retail, restaurant, software development, engineering, and consulting. I am a Principal PM on the Microsoft Endpoint Management Engineering Team, all posts, opinions, statements are my own.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: