Forum Discussion
BitLocker recovery key not being uploaded into Intune when using BackupToAAD-BitLockerKeyProtector
- Oct 03, 2022
You may want to look into this Autopilot feature, which gets it to work over VPN, and would thereby give you line-of-sight to the DC that way.
Trying Out Autopilot Hybrid Join Over VPN In Your Azure Lab
Please like or mark this thread as answered if it's helpful, thanks!
Hey Kurt, thanks for the info on the WMI/.NET backend. I was scratching my head trying to understand the workings of that cmdlet.
We tried deploying the Intune encryption policy to get the key backed up, but no luck; same story with the script running as system. Looking in Event Viewer shows the following after running the script:
Event 846: Failed to backup BitLocker Drive Encryption recovery information for volume C: to your Azure AD. You need to be signed into Windows with a Microsoft account to save your recovery key.
I didn't mention it originally, but our devices are HAADJ without line of sight to the DC; I think this is our issue here. It's a shame Intune can't escrow the key for us through the MDM enrolment profile.
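Added example, not part of the thread or any poster's script: a diagnostic that records the device join state, attempts the escrow with `BackupToAAD-BitLockerKeyProtector`, and then reads the BitLocker management log for the outcome, since Event 846 above is where the failure surfaced. It assumes the OS volume is `$env:SystemDrive`, that the events are written to the `Microsoft-Windows-BitLocker/BitLocker Management` channel, and that Event 845 is the success counterpart of 846.

```powershell
#Requires -RunAsAdministrator
# Added example: run elevated (or as SYSTEM) on the affected device.
$mount = $env:SystemDrive   # assumption: the OS volume is the one to escrow

# 1. Join state, parsed from dsregcmd /status (values are empty if not reported
#    for the context the script runs in).
$state = @{}
dsregcmd.exe /status | ForEach-Object {
    if ($_ -match '^\s*(\w+)\s*:\s*(.+?)\s*$') { $state[$Matches[1]] = $Matches[2] }
}
'AzureAdJoined', 'DomainJoined', 'AzureAdPrt' | ForEach-Object {
    '{0,-14}: {1}' -f $_, $state[$_]
}

# 2. Attempt the escrow for every recovery-password protector on the volume.
$start      = Get-Date
$volume     = Get-BitLockerVolume -MountPoint $mount
$protectors = @($volume.KeyProtector |
                Where-Object KeyProtectorType -eq 'RecoveryPassword')
if (-not $protectors) {
    Write-Warning "No RecoveryPassword protector found on $mount."
    return
}
foreach ($p in $protectors) {
    try {
        BackupToAAD-BitLockerKeyProtector -MountPoint $mount `
            -KeyProtectorId $p.KeyProtectorId -ErrorAction Stop | Out-Null
    } catch {
        Write-Warning "Backup call failed for $($p.KeyProtectorId): $($_.Exception.Message)"
    }
}

# 3. Read the result from the event log rather than trusting the cmdlet's return:
#    845 = backed up to Azure AD, 846 = backup failed (the event quoted in the post).
Start-Sleep -Seconds 5
$events = Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
    LogName   = 'Microsoft-Windows-BitLocker/BitLocker Management'
    Id        = 845, 846
    StartTime = $start
}
if ($events) {
    $events | Sort-Object TimeCreated |
        Select-Object TimeCreated, Id, Message | Format-List
} else {
    Write-Warning 'No 845/846 event logged since the backup attempt.'
}
```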