Hello,
The reason why the number of recovery keys in Intune and Sophos may be different is that each management platform generates its own unique recovery key for BitLocker encryption. When you enroll a device in a specific management platform, such as Sophos or Intune, that platform becomes responsible for managing BitLocker on that device and generates its own recovery key.
If you decide to stop using Sophos and rely solely on Intune and Azure for managing BitLocker, it's important to ensure that you have a copy of the recovery key generated by Intune for each device. You can retrieve the recovery key from the Intune portal or through other methods, such as PowerShell scripts or the BitLocker recovery key backup to Azure AD.
When transitioning from Sophos to Intune, you should update the BitLocker recovery key information in your records or documentation to reflect the recovery keys managed by Intune. By doing so, you can continue to manage BitLocker using Intune without relying on Sophos.
Remember to properly document and securely store the recovery keys generated by Intune to ensure that you can access them if needed for recovery purposes.
I used AI provided by ChatGPT to formulate part of this response. I have verified that the information is accurate before sharing it with you.
--If the reply is helpful, please Upvote and Accept as answer--
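The "PowerShell scripts or the BitLocker recovery key backup to Azure AD" method mentioned in the answer above, shown as an added example that is not the answerer's own script. It assumes an elevated session on a Windows 10/11 device that is Azure AD joined or hybrid joined, with the built-in BitLocker module available; the function name Backup-RecoveryProtectorsToAAD and the output shape are this example's own choices.

```powershell
# Added example: make sure each protected volume has a numeric recovery-password
# protector and escrow it to Azure AD so Intune can display it.
# Assumptions: elevated PowerShell on an Azure AD joined / hybrid joined device,
# built-in BitLocker module present. The recovery password itself is never
# printed here; an authorized admin reads it back from the Intune / Azure AD portal.

#Requires -RunAsAdministrator
Import-Module BitLocker -ErrorAction Stop

function Backup-RecoveryProtectorsToAAD {
    [CmdletBinding()]
    param(
        # Restrict to specific mount points such as 'C:'; default is every BitLocker volume
        [string[]]$MountPoint
    )

    $volumes = if ($MountPoint) { Get-BitLockerVolume -MountPoint $MountPoint }
               else             { Get-BitLockerVolume }

    foreach ($vol in $volumes) {
        # A volume without protection has no key to escrow
        if ($vol.ProtectionStatus -ne 'On') {
            Write-Warning "$($vol.MountPoint): protection is $($vol.ProtectionStatus), skipping"
            continue
        }

        $rp = $vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }

        if (-not $rp) {
            # No numeric recovery password exists yet: add one, then re-read the volume
            Write-Verbose "$($vol.MountPoint): adding a recovery-password protector"
            Add-BitLockerKeyProtector -MountPoint $vol.MountPoint -RecoveryPasswordProtector | Out-Null
            $vol = Get-BitLockerVolume -MountPoint $vol.MountPoint
            $rp  = $vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
        }

        foreach ($protector in $rp) {
            try {
                # Escrow by protector ID; only the ID is handled in this script
                BackupToAAD-BitLockerKeyProtector -MountPoint $vol.MountPoint `
                    -KeyProtectorId $protector.KeyProtectorId | Out-Null
                [pscustomobject]@{
                    MountPoint     = $vol.MountPoint
                    KeyProtectorId = $protector.KeyProtectorId
                    BackedUpToAAD  = $true
                    Error          = $null
                }
            } catch {
                [pscustomobject]@{
                    MountPoint     = $vol.MountPoint
                    KeyProtectorId = $protector.KeyProtectorId
                    BackedUpToAAD  = $false
                    Error          = $_.Exception.Message
                }
            }
        }
    }
}

# Usage: escrow the OS volume's recovery password and report per-protector results
Backup-RecoveryProtectorsToAAD -MountPoint 'C:' -Verbose | Format-Table -AutoSize
```

After a successful run, the escrowed key appears under the device's recovery keys in the Intune admin center, keyed by the same KeyProtectorId the script reports, which is the value to record when updating your documentation during the move away from Sophos. A failure in the catch branch usually means the device is not joined to the tenant or the escrow request was rejected; check the join state before retrying.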