1,508 questions
Just figured it out the easy way to re-populate it. On the laptop goto Settings - Device Encryption - Backup BitLocker Recovery Key - Save to Azure account
Thanks!
How long does it take for the BitLocker key to populate in AAD?
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(48, 32%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAS%3C/text%3E%3C/svg%3E)
Andy Slater
96
Reputation points
Hello all-
I recently had to remove some laptops from a tenant and re-add them in order to get them to enroll in Intune and was curious to know how long it takes (on average) for the BitLocker keys to re-populate in AAD? BitLocker was enabled before I removed them and stayed on throughout. Most of the keys have repopulated, but I have one or two that don't. I know its completely subjective given the size of the HDD and other hardware/software factors, but is there a rough guide to this? BitLocker does show enabled on the laptops in question.
Thanks!
Microsoft Security | Intune | Enrollment
Accepted answer
-
Andy Slater 96 Reputation points
2021-11-19T20:31:10.727+00:00 -
Jason Sandys 31,411 Reputation points Microsoft Employee Moderator2021-11-19T21:04:05.79+00:00 Right, this is a way to manually force it on the device itself, but if you need to do this to more thana few devices, then using a PowerShell deployed from Intune is the way to go.
-
Andy Slater 96 Reputation points
2021-11-19T21:08:04.537+00:00 Totally agree.
Sign in to comment -
1 additional answer
Sort by: Most helpful
-
Jason Sandys 31,411 Reputation points Microsoft Employee Moderator
2021-11-18T22:18:45.163+00:00 BitLocker recovery passwords will never "re-populate". Windows only sends recovery keys to AD or AAD at the time they are set or changed. You can force them using PowerShell though: https://learn.microsoft.com/en-us/powershell/module/bitlocker/backuptoaad-bitlockerkeyprotector?view=windowsserver2022-ps
-
Andy Slater 96 Reputation points
2021-11-19T20:08:15.103+00:00 Jason-
Thanks for the response. "Re-populate" might be a bad choice of phrasing.
I've had maybe 8 laptops that I had to disconnect from AAD (Win10 - Settings - Access work or school - Disconnect) and reconnect (same process) in order to get them to show up in Intune. Bad initial setup and currently rolling out of Intune. 5 of those had the BitLocker key show back up in AAD after a period of time. The remaining three have not. My assumption, based on those 5 laptops, was that the BitLocker key will repopulate, for a lack of a better term, after it gets finished doing whatever BitLocker does.
Any ideas?
-
Jason Sandys 31,411 Reputation points Microsoft Employee Moderator
2021-11-19T21:02:40.157+00:00 Same answer. That's not how it works. Windows only automatically sends the recovery password to AD and/or AAD when the key is set or reset. If you need anything else, you need to use a script to force it.
Sign in to comment -