In order to obtain a recovery key, the user can contact the Helpdesk team and the Helpdesk team can provide a recovery key for them via a convenient Web portal.  

Because this is a web portal, it is very convenient for the helpdesk team to be able to provide

Once logged in, selects the option for recovery for "Help Desk" (SEE Native Encryption), Bitlocker Recovery, FileVault etc.

Symantec Endpoint Encryption offers "connectionless" recovery so even machines that have never logged in to the server can be recovered.  

Bitlocker and FileVault need to send up a recovery key with the SEE clients that makes this process very easy.

Troubleshooting:

Item 1:
IE 11: If you are trying to access the helpdesk recovery screen and the recovery key does not get displayed, this is a known issue.  Use Chrome, Edge, or Firefox instead and the recovery key should then work.

Item 2: 
If you are attempting to access the Helpdesk Web Portal and the browser provides an error and does not display the login portal, go into the developer tools and see if there are any exceptions.  If you see "UPGRADE_INSECURE_REQUESTS" is part of the exception, ensure your connections to the SEE Helpdesk portal are using TLS 1.2.

If you see the above message showing, check the configuration for the SEE Configuration Manager for the communications portal.  If there are any ports missing, enter those in and save.

In one setup, a port was missing, but would not allow the configuration to be changed, so a random port, such as port 50000 was used and the configuration saved. 

Then enter the proper port and save again and this should resolve this issue.