Have one doubt:
In our environment we are managing BitLocker with Intune, and multiple BitLocker key IDs are getting generated for the fixed data drive. I checked that WinRE is enabled, and confirmed from the registry: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\Providers\ID\default\Device\BitLocker settings are coming from Intune MDM only.
In Path: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE\OSEnablePrebootInputProtectorsOnSlates = 1
But the same is not showing in the SystemDrivesRecoveryOptions registry:
<enabled/><data id="OSAllowDRA_Name" value="true"/><data id="OSRecoveryPasswordUsageDropDown_Name" value="1"/><data id="OSRecoveryKeyUsageDropDown_Name" value="0"/><data id="OSHideRecoveryPage_Name" value="true"/><data id="OSActiveDirectoryBackup_Name" value="true"/><data id="OSActiveDirectoryBackupDropDown_Name" value="1"/><data id="OSRequireActiveDirectoryBackup_Name" value="true"/>
Can someone help me find out why multiple keys are getting generated for the fixed drive? Is it the Windows RE drive?
Volume 1 - Windows RE - NTFS Partition - 300 MB - Healthy
- Because of this issue the limit is reached and no new keys are getting stored:
Logname : Microsoft-Windows-BitLocker-API/Management - Source : BitLocker-API
Failed to save BitLocker Drive Encryption recovery information to your Azure AD due to an error.
Request Id:
Response Time:
Error Code: directory_error
Error Subcode: error_keys_exceed_max_limit
Error message: Max limit for BitLocker keys has been reached for device: '