There might be a known issue going on now, because all of a sudden, disk encryption stopped working for a few environments I know. Go to Event Viewer, under Windows and Apps, look for the BitLocker-API node and look for the error code you see there. If it is about not being able to upload keys to AzureAD, it might be it. I'll keep you posted.
Why some devices have bitlocker keys and some don't
Dear Team,
We have enabled Bitlocker for all of our devices in Intune. However, we don’t understand why we can see the bitlocker keys for some devices but not for others, for example the two devices shown below are both compliant, but we can see the recovery key for one but not for the other:
Do you know why this may be?
Thanks in advance!
Microsoft Security Intune Other
-
Pavel yannara Mirochnitchenko 13,331 Reputation points MVP
2023-07-26T17:05:04.3333333+00:00
2 additional answers
-
Simon Ren-MSFT 40,341 Reputation points Microsoft External Staff
2023-07-27T09:09:31.05+00:00
Hi,
Thank you for posting in Microsoft Q&A forum.
1. BitLocker recovery keys are only saved to AAD or AD at the time they are set (or reset). Thus, we can either rotate them (which can be done using Intune) or send a script to them to force them to save their keys to AAD. Just simply push a PowerShell script to the devices without recovery keys to force the escrow of the recovery keys to AAD. Refer to:
How to force escrowing of Bitlocker recovery keys using Intune
Get Intune devices with missing BitLocker keys in Azure AD
2. If it doesn't work, please check the DeviceManagement-Enterprise-Diagnostic-Provider event log and Applications and Services Logs > Microsoft > Windows > BitLocker-API event log.
For more information, please refer to:
Using BitLocker recovery keys with Microsoft Endpoint Manager - Microsoft Intune
Thanks for your time. Have a nice day!
Best regards,
Simon
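As an added example (not part of the answer above and not the script from the linked articles), a device-side script of the kind described in step 1 could look like the following. It assumes the built-in BitLocker module cmdlets `Get-BitLockerVolume` and `BackupToAAD-BitLockerKeyProtector`, an Azure AD joined device, the OS drive as the target, and `Microsoft-Windows-BitLocker/BitLocker Management` as the channel name behind the BitLocker-API node.

```powershell
#Requires -RunAsAdministrator
# Added example: escrow the OS drive's existing BitLocker recovery passwords to
# Azure AD, then show what the BitLocker-API log recorded for the attempt.
# The recovery password itself is never written to output or logs.
$mountPoint = $env:SystemDrive
$started    = Get-Date

$volume = Get-BitLockerVolume -MountPoint $mountPoint -ErrorAction Stop
if ($volume.ProtectionStatus -ne 'On') {
    Write-Output "BitLocker protection is not on for $mountPoint; nothing to escrow."
    exit 1
}

# Only RecoveryPassword protectors can be escrowed; a drive may have several.
$protectors = @($volume.KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
if ($protectors.Count -eq 0) {
    Write-Output "No recovery password protector on $mountPoint; add one before escrowing."
    exit 1
}

$failed = 0
foreach ($protector in $protectors) {
    try {
        BackupToAAD-BitLockerKeyProtector -MountPoint $mountPoint `
            -KeyProtectorId $protector.KeyProtectorId -ErrorAction Stop | Out-Null
        Write-Output "Escrow requested for protector $($protector.KeyProtectorId)"
    } catch {
        $failed++
        Write-Output "Escrow failed for $($protector.KeyProtectorId): $($_.Exception.Message)"
    }
}

# Surface the events written during this run so an upload error code is visible
# in the script output, not only in Event Viewer on the device.
Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-BitLocker/BitLocker Management'  # assumed channel name
    StartTime = $started
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, LevelDisplayName, Message |
    Format-List

# A non-zero exit code marks the run as failed in the deployment tool.
if ($failed -gt 0) { exit 1 } else { exit 0 }
```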
-
Rudy Ooms 701 Reputation points MVP
2023-07-31T11:49:19.5133333+00:00
It depends... but I would wait until Microsoft has fixed a bug they are currently having
https://call4cloud.nl/2023/07/0x80072f8f-a-bitlocker-odyssey/