Bitlocker Recovery Keys Not Backing up

William Schmitt 11 Reputation points
2021-08-26T20:49:25.397+00:00

My organization has recently made the move to Intune and among the several growing pains we've had with it, automating Bitlocker has been a big one. I've finally got it configured to silently encrypt devices, but its not uploading the recovery keys to our AAD like I have it set to. I can go to the machines after the fact and manually upload the keys to AAD, but that kind of defeats the purpose of a silent set up. Most of our devices are already encrypted so we are working with a small pilot group to try everything out on and all of these were preconfigured to our hybrid AAD before picking up Intune, but I don't know if that would cause an issue with this or not.

Microsoft Intune Configuration
Microsoft Intune Configuration
Microsoft Intune: A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.Configuration: The process of arranging or setting up computer systems, hardware, or software.
1,774 questions
Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
4,594 questions
{count} votes

3 answers

Sort by: Most helpful
  1. Nick Hogarth 3,436 Reputation points
    2021-08-26T22:43:32.347+00:00

    Have you confirmed that the policy is set to backup keys to AAD? Have you reviewed the event logs to see if there are any errors about backing up the keys? Application and Services Logs > Microsoft > Windows > BitLocker -API > Management


  2. Lu Dai-MSFT 28,366 Reputation points
    2021-08-27T06:32:34.427+00:00

    @William Schmitt Thanks for posting in our Q&A. From your description, I know that you silently enable BitLocker on the device, but Bitlocker Recovery Keys are not saved in Azure AD. If there is anything misunderstanding, feel free to let us know.

    To clarify this issue, we appreciate your help to collect some information:

    1. Please show the screen shots of the settings about this Bitlocker policy.
    2. Please make sure that the deployment status of this Bitlocker policy is succeeded.

    If there is anything update, feel free to let us know.


    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  3. Jason Sandys 31,186 Reputation points Microsoft Employee
    2021-08-27T15:59:20.547+00:00

    Most of our devices are already encrypted

    Are the devices that you are testing already encrypted as well?

    Have you reviewed the BitLocker event log?

    Do the systems have line of sight to a domain controller?