MBAM can be used as part of a Microsoft System Center deployment or as a stand-alone solution.
For more info, see Microsoft Bit Locker Administration and Monitoring.
To force a recovery for the local computer When planning the Bit Locker recovery process, first consult your organization's current best practices for recovering sensitive information.
Using suspend and resume also reseals the encryption key without requiring the entry of the recovery key.
If software maintenance requires the computer be restarted and you are using two-factor authentication, you can enable Bit Locker Network Unlock to provide the secondary authentication factor when the computers do not have an on-premise user to provide the additional authentication method.
The following policy settings define the recovery methods that can be used to restore access to a Bit Locker-protected drive if an authentication method fails or is unable to be used.
Note: If the PCs are part of a workgroup, users should be advised to save their Bit Locker recovery password with their Microsoft Account online.
This topic for IT professionals describes how to recover Bit Locker keys from AD DS.