Hi,
Thank you for posting in Microsoft Q&A forum.
1. BitLocker recovery keys are only saved to AAD or AD at the time they are set (or reset). Thus, we can either rotate them (which can be done using Intune) or send a script to them to force them to save their keys to AAD. Just simply push a PowerShell script to the devices without recovery keys to force the escrow of the recovery keys to AAD. Refer to:
How to force escrowing of Bitlocker recovery keys using Intune
Get Intune devices with missing BitLocker keys in Azure AD
2. If it doesn't work, please check the DeviceManagement-Enterprise-Diagnostic-Provider event log and Applications and Services Logs > Microsoft > Windows > BitLocker-API event log.
For more information, please refer to:
Using BitLocker recovery keys with Microsoft Endpoint Manager - Microsoft Intune
Thanks for your time. Have a nice day!
Best regards,
Simon
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
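One way to write the escrow script the answer describes, together with the event log check from step 2, as an added example that is not part of the original answer or the linked articles. It assumes the script runs elevated (for example as SYSTEM when pushed by Intune) on an Azure AD joined device with the built-in BitLocker module; the event channel names are assumptions to confirm with `Get-WinEvent -ListLog`.

```powershell
# Added example: re-escrow existing BitLocker recovery passwords to Azure AD.
# Assumption: elevated session on an Azure AD joined device.
# The recovery password itself is never written to output or logs.

$results = foreach ($vol in Get-BitLockerVolume) {
    # A volume can carry several protectors; only RecoveryPassword ones are escrowed.
    $protectors = @($vol.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

    if ($protectors.Count -eq 0) {
        [pscustomobject]@{
            MountPoint     = $vol.MountPoint
            KeyProtectorId = $null
            Status         = 'NoRecoveryPassword'
        }
        continue
    }

    foreach ($kp in $protectors) {
        try {
            BackupToAAD-BitLockerKeyProtector -MountPoint $vol.MountPoint `
                -KeyProtectorId $kp.KeyProtectorId -ErrorAction Stop | Out-Null
            $status = 'BackupRequested'
        } catch {
            $status = "Failed: $($_.Exception.Message)"
        }
        [pscustomobject]@{
            MountPoint     = $vol.MountPoint
            KeyProtectorId = $kp.KeyProtectorId   # ID only, safe to log
            Status         = $status
        }
    }
}
$results | Format-Table -AutoSize | Out-String | Write-Output

# Step 2 of the answer: look at recent errors and warnings in both logs.
# Channel names are assumptions; confirm with Get-WinEvent -ListLog *BitLocker*, *DeviceManagement*.
$logs = 'Microsoft-Windows-BitLocker/BitLocker Management',
        'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin'
foreach ($log in $logs) {
    Get-WinEvent -LogName $log -MaxEvents 50 -ErrorAction SilentlyContinue |
        Where-Object { $_.LevelDisplayName -in 'Error', 'Warning' } |
        Format-List TimeCreated, Id, LevelDisplayName, Message
}

# Non-zero exit code lets Intune report the script as failed for this device.
if ($results | Where-Object { $_.Status -ne 'BackupRequested' }) { exit 1 }
exit 0
```

A `BackupRequested` status only means the cmdlet accepted the request; confirm the key is present on the device object in Azure AD before treating the device as recoverable.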