Why am I getting an event alert "A BitLocker recovery key has been revoked from: BKLAMME-8152Y0C" in the Sophos Cental console whenever I just read the Bitlocker recovery key?

Hello Peoples,

 

Why am I getting an event alert "A BitLocker recovery key has been revoked from: BKLAMME-8152Y0C" in the Sophos Cental console whenever I just read the Bitlocker recovery key?

  • Hello Yashpal,

    Per our documentation:
    Recovery key revoked:
    A recovery key has been viewed in Sophos Central, so it has been revoked and will be replaced.

    Click here for a list of the alerts from Device Encryption. 

    Here's a general FAQ regarding Device Encryption for Windows:
    FAQ on Sophos Central Device Encryption (Windows) 

    If you require further assistance, could you please provide more information regarding the actions that took place, as well as the Sophos product involved and the environment ?

    Regards,

  • In reply to Barb@Sophos:

    Hi Barb,

     

    Thanks for the response!

     

    So, if I want to check if the recovery key is received or not and click on "Retrieve Recovery Key" in the console, the key gets revoked? When will the console receive a new key? 

  • In reply to G33k:

    Hello Yashpal,

    Per the FAQ KB:
    How often does the device synchronize with the backend?
    Approximately every 30 seconds.

    So next time you view the key, this process will restart (you will see the key, it will get revoked and a new one will be created). 

    Please let me know if you have additional questions, or if this answers your query.

    Regards,

  • In reply to Barb@Sophos:

    Hello Barb,

    What if i can see the recovery Key when i click Retrieve recovery key but not getting any alert that it is revoked.

    Because, user can use the recovery Key but when user change the password (referring to MAC), he cannot login with new password but can login with the same recovery Key.

    What should be done in this case ?

    Agent on the client end is latest and receiving all the latest scan and updated events.

     

    Regards,

    Balarama Kishore Yerra

  • In reply to balaramyerra:

    Hi balaramyerra,

    For Mac, please have a look at this entry, and let me know if it helps:
    Recover Mac endpoints

    Here's the Mac Encryption FAQ for more info:
    Sophos Central Device Encryption: Mac FAQ

    If you need further assistance please provide more information regarding the issue, the MacOS version, and the Sophos version installed. 

    Thanks!

  • In reply to Barb@Sophos:

    Hi Barb,

     

    Answer to my query is not listed there.

     

    Mac OS Version 10.14

    Sophos Agent Version 9.9.2

     

    Regards,

    Balarama Kishore Yerra

  • In reply to balaramyerra:

    Hi balaramyerra,

    Regarding Mac encryption please review this this Apple article:
    https://support.apple.com/en-in/HT204837

    Regarding Sophos Central recovery key, please see below and let us know which steps you are following, and where are you getting stuck, so that we can better assist you.
    Here's how to recover the key and change a password:
    Retrieve recovery key (Mac)

    Note that: 
    On endpoints running macOS 10.12 or earlier, a new recovery key is created and stored in Sophos Central. A recovery key can only be used once. If you need to recover a computer again later, you need to retrieve a new recoverykey.
    On endpoints running macOS 10.13 and Apple File System (APFS), no new recovery key is created. The existing recovery key remains valid.

    Thanks!

  • In reply to Barb@Sophos:

    Hi Barb,

     

    "On endpoints running macOS 10.13 and Apple File System (APFS), no new recovery key is created. The existing recovery key remains valid."

    As per this statement, will Sophos create an event in console that its been revoked once we check recovery key from console end ?

    Regards,

    Balarama Kishore Yerra

  • In reply to balaramyerra:

    Hello  

    Sophos will not create an event in the console for MAC machines as a revoke mechanism is only for the Windows Operating system which uses Bitlocker as their native encryption.