Specops Key Recovery

MFA-secured self-service recovery for BitLocker and Symantec keys.

"Used when encrypted endpoints lock out users or remote staff lose access and an MFA-secured recovery of keys is required."

Recover full-disk encryption keys via an MFA-secured self-service portal

Full-disk encryption can prevent users from starting their devices whenever a pre-boot authentication error or a password change occurs. Without a self-service option, those situations drive repeated helpdesk calls and extended user downtime.

The product enables authorised users to retrieve BitLocker and Symantec recovery keys through a browser portal that requires multi-factor authentication. It supports pre-enrolment and multiple identity providers so organisations can fit key recovery into existing identity flows.

Where Specops Key Recovery is used

Provide a self-service route to retrieve BitLocker recovery keys when pre-boot lockouts occur, reducing the need for helpdesk intervention.

Allow users who have lost or changed Symantec Endpoint Encryption credentials to obtain recovery keys securely, with MFA, from any web browser.

Suitable environments

Fits organisations that use Active Directory and deploy BitLocker across Windows endpoints, where a central IT/helpdesk team handles endpoint support. It is suitable for medium to large organisations (500+ staff) and for environments that need controlled, auditable access to encryption recovery keys.

Benefits

Fewer helpdesk calls

Lowers the volume of helpdesk calls related to full-disk encryption lockouts.

Faster device access

Restores user access to encrypted devices more quickly than manual recovery workflows.

Reduced social engineering risk

MFA verification reduces the risk of social engineering during key release.

Integration flexibility

Works with multiple identity providers to fit existing identity and authentication setups.

Remote recovery

Enables users to obtain recovery keys from outside the corporate network via a browser.

Administrative control

Pre-enrolment gives administrators control over who can request recovery keys.

Capabilities

Key retrieval portal

Locate and retrieve recovery keys for BitLocker and Symantec Endpoint Encryption via a web portal.

MFA verification

Verify users with multi-factor authentication before releasing recovery keys.

Multiple identity providers

Accept authentication from multiple identity providers to validate users.

Browser access

Accessible from any web browser so users can recover keys without installing clients.

Administrator pre-enrolment

Allow administrators to pre-enrol users for MFA to enable recovery without self-enrolment.

BitLocker & Symantec support

Support recovery of both BitLocker and Symantec Endpoint Encryption keys.

Applications

BitLocker pre-boot recovery

Provide self-service recovery when BitLocker triggers a pre-boot lockout on Windows endpoints.

Symantec key recovery

Recover Symantec Endpoint Encryption keys after password loss or password changes.

Reduce helpdesk pressure

Lower the operational load on central IT and helpdesk teams handling encrypted endpoint support.

Remote worker access

Allow remote staff to regain access without travelling to site or relying on phone support.

Fit for AD-managed estates

Suitable for environments that use Active Directory to manage identities and devices at scale.

Auditable recovery

Provide a controlled, auditable mechanism for disclosing recovery keys in regulated sectors.
