Intune BitLocker keeps asking user for a recovery key

John Hough 21 Reputation points
2021-02-22T17:19:13.067+00:00

Hi, after weeks of testing on various computers in our company, we've started deploying Intune BitLocker to our users to replace the standard MBAM-managed BitLocker. A user we deployed to last week has been prompted for a recovery key every time she turns on her computer and we have no idea why. Any troubleshooting tips? I don't see anything in Endpoint Manager, not sure where else to check for the cause. Thanks.


Accepted answer
  1. Pa_D 1,071 Reputation points
    2021-02-22T19:33:48.927+00:00

    We have sometimes seen this behavior due to:

    1. Boot order

    • Check what the boot order is on PCs that are working and on this one which is having the issue. Ideally, primary boot should be set to HD.

    2. Docking

    • We have sometimes seen certain device OEMs causing issues due to the docking station.

    3. Lastly, use changes to the PCRs to pinpoint which change is causing the recovery action:
    https://learn.microsoft.com/en-us/windows/security/information-protection/bitlocker/ts-bitlocker-decode-measured-boot-logs#:~:text=By%20tracking%20changes%20in%20the,%5CLogs%5CMeasuredBoot%5C%20folder.
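
The working-PC versus affected-PC comparison described in the accepted answer, as an added PowerShell example that is not part of either answer or of Microsoft's documentation. The function names and output file names are made up for illustration; it assumes an elevated session, English `manage-bde` and `bcdedit` output, and measured boot logs under `%windir%\Logs\MeasuredBoot`.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread): snapshot the settings that commonly
# differ between a PC that boots normally and one that keeps entering recovery.
# Function names and file names below are hypothetical.

function Get-BitLockerTriageSnapshot {
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive
    $tpm = Get-Tpm
    # Confirm-SecureBootUEFI throws on systems without UEFI Secure Boot support.
    $secureBoot = try { [string](Confirm-SecureBootUEFI) } catch { 'unavailable' }
    # manage-bde prints the PCR list on the line after this label (English output assumed).
    $pcr = manage-bde -protectors -get $env:SystemDrive |
        Select-String 'PCR Validation Profile' -Context 0,1 |
        ForEach-Object { $_.Context.PostContext[0].Trim() }
    # Firmware boot entries in the order bcdedit lists them, kept as text for review.
    $fw = bcdedit /enum firmware | Select-String '^description' |
        ForEach-Object { ($_.Line -replace '^description\s+', '').Trim() }
    # One log is written per boot; decoding them is covered by the linked article.
    $logs = Get-ChildItem "$env:windir\Logs\MeasuredBoot" -Filter *.log -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Computer         = $env:COMPUTERNAME
        ProtectionStatus = [string]$vol.ProtectionStatus
        KeyProtectors    = ($vol.KeyProtector.KeyProtectorType | Sort-Object) -join ','
        PcrProfile       = $pcr -join ' | '
        TpmReady         = $tpm.TpmReady
        SecureBoot       = $secureBoot
        FirmwareEntries  = $fw -join ' > '
        MeasuredBootLogs = @($logs).Count
    }
}

function Compare-BitLockerTriageSnapshot {
    param([Parameter(Mandatory)] $Working, [Parameter(Mandatory)] $Affected)
    foreach ($name in 'ProtectionStatus','KeyProtectors','PcrProfile','TpmReady','SecureBoot','FirmwareEntries') {
        if ("$($Working.$name)" -ne "$($Affected.$name)") {
            [pscustomobject]@{ Setting = $name; Working = $Working.$name; Affected = $Affected.$name }
        }
    }
}

# On each PC: save a snapshot.
Get-BitLockerTriageSnapshot | ConvertTo-Json | Set-Content "$env:TEMP\bl-$env:COMPUTERNAME.json"
# On the affected PC: recent BitLocker management events.
Get-WinEvent -LogName 'Microsoft-Windows-BitLocker/BitLocker Management' -MaxEvents 20 |
    Select-Object TimeCreated, Id, Message
# With both files on one machine (placeholder names), list the differences:
# Compare-BitLockerTriageSnapshot (Get-Content .\bl-WORKING.json -Raw | ConvertFrom-Json) (Get-Content .\bl-AFFECTED.json -Raw | ConvertFrom-Json)
```

A difference in `PcrProfile`, `SecureBoot` or `FirmwareEntries` narrows down which measured boot logs are worth decoding with the procedure in the linked article.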


1 additional answer

  1. Lu Dai-MSFT 28,366 Reputation points
    2021-02-23T06:07:45.763+00:00

    @John Hough Thanks for posting in our Q&A.

    For this issue, I have done some research. I find that the following article lists some events that will cause BitLocker to prompt for the recovery key. It is suggested to check against this list.
    https://learn.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan#what-causes-bitlocker-recovery

    If there is anything unclear, feel free to let us know.


    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
