Hello @Nurfajrina Naserudin ,
Thanks for your response. Considering your infra, please follow the given steps to have all keys in Azure AD only:
- Use PowerShell to upload all recovery keys to Azure AD. Deploy the PowerShell script to devices in batches via Intune.
// This will upload the latest keys to Azure AD
Ref Example: https://learn.microsoft.com/en-us/powershell/module/bitlocker/backuptoaad-bitlockerkeyprotector?view=windowsserver2022-ps#examples
- Use only the Intune BitLocker policy and remove the GPO from the devices.
// This will make devices follow only one policy, avoiding the conflict.
Thanks,
Akshay Kaushik
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
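As an added example (not code from the answer above or from Microsoft's documentation), the following script shows the kind of Intune-deployed PowerShell the answer refers to: it enumerates the local BitLocker volumes and escrows every numerical recovery password to Azure AD with BackupToAAD-BitLockerKeyProtector. It assumes the script runs as SYSTEM on a device that is Azure AD joined or hybrid Azure AD joined (the backup cmdlet fails otherwise), and the exit-code convention at the end is an assumption so that Intune can flag devices where the escrow failed.

```powershell
# Added example, not part of the original answer.
# Escrow all BitLocker recovery passwords on this device to Azure AD.
# Assumes: runs as SYSTEM (Intune script), device is Azure AD / hybrid joined.
$ErrorActionPreference = 'Stop'
$failed = 0

foreach ($vol in Get-BitLockerVolume) {
    $mp = $vol.MountPoint

    # Nothing to escrow on volumes that are not protected
    if ($vol.ProtectionStatus -ne 'On') {
        Write-Output "$mp : protection is $($vol.ProtectionStatus), skipping"
        continue
    }

    # Only the 48-digit RecoveryPassword protector can be backed up to Azure AD
    $rp = $vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
    if (-not $rp) {
        # Volume has TPM/other protectors but no recovery password: add one so
        # there is a recovery key to escrow (this changes the volume's protectors)
        Write-Output "$mp : no RecoveryPassword protector found, adding one"
        Add-BitLockerKeyProtector -MountPoint $mp -RecoveryPasswordProtector | Out-Null
        $rp = (Get-BitLockerVolume -MountPoint $mp).KeyProtector |
              Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
    }

    foreach ($p in $rp) {
        try {
            BackupToAAD-BitLockerKeyProtector -MountPoint $mp -KeyProtectorId $p.KeyProtectorId | Out-Null
            Write-Output "$mp : backed up protector $($p.KeyProtectorId) to Azure AD"
        }
        catch {
            # Typical causes: device not Azure AD joined, no network, or running as a user without rights
            Write-Output "$mp : backup failed for $($p.KeyProtectorId): $($_.Exception.Message)"
            $failed++
        }
    }
}

# Assumed convention: non-zero exit makes Intune report the script as failed on this device
if ($failed -gt 0) { exit 1 } else { exit 0 }
```

Deploy it as an Intune PowerShell script running in the system context, and confirm the escrow on a pilot device before widening the batch: the recovery key should appear on the device object in Azure AD, and the Microsoft-Windows-BitLocker/BitLocker Management event log records a successful backup to Azure AD (event ID 845). Devices that still receive a conflicting GPO will keep reporting policy conflicts until the GPO is removed, as the answer notes.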