- Since EPM 2020, it is possible to retrieve the Bitlocker key from the EPM console
- You can see the recovery key
- Which is the same as the key stored in AD
If the key is not available in AD (GPO applied after encryption), the key will still be available in EPM
- The encryption status is also available, which can be used for a Bitlocker activation query