![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(108.80000000000001, 98%, 20%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETE%3C/text%3E%3C/svg%3E)
Microsoft Security | Intune | Configuration Manager | Other
Other Configuration Manager-related features and issues
Hi,
Thank you for posting in Microsoft Q&A forum.
1,BitLocker recovery keys are only saved to AAD or AD at the time they are set (or reset). Thus, we can either rotate them (which can be done using Intune) or send a script to them to force them to save their keys to AAD. Just simply push a PowerShell script to the devices without recovery keys to force the escrow of the recovery keys to AAD. Refer to:
How to force escrowing of Bitlocker recovery keys using Intune
Get Intune devices with missing BitLocker keys in Azure AD
2,If it doesn't work, please check the DeviceManagement-Enterprise-Diagnostic-Provider event log and Applications and Services Logs > Microsoft > Windows > BitLocker-API event log.
For more information, please check out below awesome posts
Using BitLocker recovery keys with Microsoft Endpoint Manager - Microsoft Intune
Troubleshooting BitLocker policies from the client side
3,==>if we enable bitlocker managment on SCCM is this affect our Intune device encyrption policy? We just want to use this monitoring
If the device is co-management and workloads are moved to Intune, then the SCCM client ignores the BitLocker policy.
Thanks for your time. Have a nice day!
Best regards,
Simon
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.