Forum Discussion
DLock01
May 07, 2024 Copper Contributor
BitLocker backup into Entra ID
We are in the process of setting up Hybrid Join. When I try to back up the BitLocker key to Entra ID I get the following error in the Event Viewer: Failed to backup BitLocker Drive Encryption recover...
DLock01
May 15, 2024 Copper Contributor
The status of the BitLocker Encryption shows Fully Encrypted.
manage-bde -status
BitLocker Drive Encryption: Configuration Tool version 10.0.19041
Copyright (C) 2013 Microsoft Corporation. All rights reserved.
Disk volumes that can be protected with
BitLocker Drive Encryption:
Volume C: [Windows]
[OS Volume]
Size: 117.44 GB
BitLocker Version: 2.0
Conversion Status: Fully Encrypted
Percentage Encrypted: 100.0%
Encryption Method: XTS-AES 128
Protection Status: Protection On
Lock Status: Unlocked
Identification Field: Unknown
Key Protectors:
TPM
Numerical Password
The Event Viewer log shows:
Failed to backup BitLocker Drive Encryption recovery information for volume C: to your Azure AD.
TraceId: {***************************}
Error: Unknown HResult Error code: 0x80072efe
rahuljindal
May 15, 2024 Bronze Contributor
Anything leading up to the eventvwr log you shared? “The Event Viewer log shows
Failed to backup BitLocker Drive Encryption recovery information for volume C: to your Azure AD.
TraceId: {***************************}
Error: Unknown HResult Error code: 0x80072efe”
- rahuljindal
May 15, 2024 Bronze Contributor
Is the endpoint able to communicate with Azure services? Do you use a FW\proxy with SSL inspection enabled?
- DLock01
May 16, 2024 Copper Contributor
Yes, the machine is Hybrid joined to Entra ID and is compliant in Endpoint Mgmt. No, we don't use a FW\proxy.
- rahuljindal
May 16, 2024 Bronze Contributor
Can you answer the following?
1. Where are the BitLocker policies applying from? GPO or Intune
2. Is the issue affecting a particular model or multiple?
- DLock01
May 15, 2024 Copper Contributor
FYI: the TraceId changes each time, which I think is probably normal.
The eventvwr log entries leading up to the errors are just information and warning events.
The warning event: "BitLocker resealed boot settings to the TPM for volume C:."
Information event:
"BitLocker successfully sealed a key to the TPM.
PCRs measured include [7,11].
The source for these PCRs was: Secure Boot."
and
A trusted WIM file has been added for volume C:.
The SHA-256 hash of the WIM file is: (random characters)
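As an added example (not code posted by anyone in this thread), the following PowerShell script walks through the checks the replies above are asking about on one machine: the device's Entra ID join state, whether the volume actually has a Numerical Password (RecoveryPassword) protector to escrow, a retry of the escrow through the built-in BackupToAAD-BitLockerKeyProtector cmdlet, and the resulting success or failure entries in the BitLocker Management event log. The 0x80072efe code in the thread is WinINet's ERROR_INTERNET_CONNECTION_ABORTED (12030), so a failure here almost always points at the HTTPS path to Entra (TLS interception, proxy, or a missing Entra token on the device) rather than at BitLocker itself. The volume letter is a parameter; everything else uses the standard BitLocker module and dsregcmd.exe, which ship with Windows.

```powershell
# Added diagnostic/retry script for BitLocker key escrow to Entra ID.
# Not from the thread or from Microsoft; assumes an elevated session on the
# affected device with the built-in BitLocker module and dsregcmd.exe.
param(
    [string]$MountPoint = 'C:'   # assumed default: the OS volume from the thread
)

# 1. Join state. A hybrid-joined device should report DomainJoined : YES and
#    AzureAdJoined : YES; AzureAdPrt : YES shows it holds a usable Entra token.
$dsreg = dsregcmd /status
$joinState = ($dsreg | Select-String -Pattern 'DomainJoined|AzureAdJoined|AzureAdPrt') -join "`n"
Write-Host "Join state:`n$joinState"

# 2. Only RecoveryPassword protectors ("Numerical Password" in manage-bde) can be escrowed.
$vol = Get-BitLockerVolume -MountPoint $MountPoint
$recoveryProtectors = $vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
if (-not $recoveryProtectors) {
    Write-Warning "No RecoveryPassword protector on $MountPoint; add one with Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector and rerun."
    return
}

# 3. Retry the escrow for each recovery protector. The cmdlet throws on failure;
#    0x80072efe in the message means the HTTPS connection to Entra was aborted.
foreach ($protector in $recoveryProtectors) {
    try {
        BackupToAAD-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $protector.KeyProtectorId -ErrorAction Stop
        Write-Host "Escrow requested for protector $($protector.KeyProtectorId)"
    }
    catch {
        Write-Warning "Escrow failed for $($protector.KeyProtectorId): $($_.Exception.Message)"
    }
}

# 4. Show the most recent escrow results from the BitLocker Management log,
#    matching on the message text used by the events quoted in the thread.
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-BitLocker/BitLocker Management' } -MaxEvents 50 |
    Where-Object { $_.Message -match 'recovery information for volume' } |
    Select-Object TimeCreated, Id, @{ Name = 'Result'; Expression = { ($_.Message -split "`n")[0] } } |
    Format-Table -AutoSize
```

Save it as a .ps1 and run it elevated. If step 1 shows AzureAdJoined : YES but AzureAdPrt : NO, the device has no token to authenticate the escrow and the request is aborted before BitLocker ever sends the key; if the PRT is present and the retry still fails with 0x80072efe, capture the outbound HTTPS session from that device, since a TLS-inspecting proxy or filter in the path is the usual cause even when none is configured on the client itself.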