Forum Discussion
Bitlocker recovery keys not syncing on OnPrem devices
The following option is not present in a BitLocker policy, but is present in an Endpoint protection policy template. Would this actually solve it? And do I have to delete the BitLocker policy, or is there any way of me setting only that option?
- Moe_Kinani, Jun 04, 2022, Bronze Contributor
Hi JimmyWork
Do you have an on-premise GPO? If you do, bear in mind it will always win, so make sure it's disabled on devices that are scoped in the Intune policy.
I would also use the Intune Endpoint Protection Template (like you mentioned above) and make sure the setting you attached is selected and also the one I attached. I have used the script below last year to migrate the keys into AAD, hope it helps as well
https://msendpointmgr.com/2021/01/12/migrate-bitlocker-to-azure-ad/
Moe
- JimmyWork, Jun 04, 2022, Iron Contributor
Also in your image you are using an Endpoint protection policy template. I have configured the BitLocker policy with a BitLocker policy template, and the option
"Store recovery information in Azure Active Directory before enabling BitLocker" is not available in my config. I do however have "Require device to back up recovery information to Azure AD".
- Moe_Kinani, Jun 04, 2022, Bronze Contributor
Got it, thanks for the clarification!
I still think disabling the GPO policy would remove some complexity in your case. There are multiple places for BitLocker in MEM and I would stay on one policy from MEM.
Moe
- JimmyWork, Jun 04, 2022, Iron Contributor
Thank you for answering, I do have an on-premise GPO but I have also set the policy for MDM wins over GPO
https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-controlpolicyconflict
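The thread turns on two things that can be checked directly on an affected device: whether an on-premise BitLocker GPO is still applying alongside the Intune policy (and whether the MDMWinsOverGP policy from the linked CSP is set), and whether the existing recovery password protector has actually been escrowed to Azure AD. The script below is an added example for that check; it is not from the thread or from the msendpointmgr migration post. The registry locations for the ControlPolicyConflict policy and the GPO BitLocker settings, and the event IDs 845/846 for AAD backup results, are assumptions based on the documented Policy CSP and GPO layout, so confirm them on your own build.

```powershell
# Added example, not the thread's or the migration script's own code.
# Run elevated on one device that is failing to sync its recovery key.
#Requires -RunAsAdministrator

function Test-MdmWinsOverGp {
    # ControlPolicyConflict/MDMWinsOverGP surfaces under PolicyManager\current\device (assumed path).
    $key = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\ControlPolicyConflict'
    $item = Get-ItemProperty -Path $key -Name 'MDMWinsOverGP' -ErrorAction SilentlyContinue
    return ($null -ne $item -and $item.MDMWinsOverGP -eq 1)
}

function Get-GpoBitLockerSettings {
    # On-prem GPO writes its BitLocker settings under Policies\Microsoft\FVE (assumed value names).
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
    if (-not (Test-Path $key)) { return $null }
    Get-ItemProperty -Path $key |
        Select-Object OSRecovery, OSActiveDirectoryBackup, OSRequireActiveDirectoryBackup
}

function Backup-RecoveryPasswordsToAad {
    param([string[]]$MountPoint = @('C:'))
    foreach ($mp in $MountPoint) {
        $vol = Get-BitLockerVolume -MountPoint $mp -ErrorAction Stop
        $protectors = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
        if (-not $protectors) {
            Write-Warning "$mp has no RecoveryPassword protector; nothing to escrow."
            continue
        }
        foreach ($p in $protectors) {
            # Escrow the recovery password to Azure AD for the device's join identity.
            BackupToAAD-BitLockerKeyProtector -MountPoint $mp -KeyProtectorId $p.KeyProtectorId | Out-Null
            [pscustomobject]@{
                MountPoint      = $mp
                KeyProtectorId  = $p.KeyProtectorId
                BackupRequested = $true
            }
        }
    }
}

function Get-AadBackupEvents {
    # 845 = recovery information backed up to Azure AD, 846 = backup failed (assumed IDs).
    Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-BitLocker/BitLocker Management'
        Id      = 845, 846
    } -MaxEvents 20 -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, Id, Message
}

# --- run the checks ---
"MDMWinsOverGP set : $(Test-MdmWinsOverGp)"
$gpo = Get-GpoBitLockerSettings
if ($gpo) {
    "On-prem BitLocker GPO settings are present:"
    $gpo | Format-List
} else {
    "No on-prem BitLocker GPO settings found under Policies\Microsoft\FVE."
}
Backup-RecoveryPasswordsToAad | Format-Table -AutoSize
Get-AadBackupEvents | Format-Table -AutoSize
```

If the GPO settings are present and MDMWinsOverGP is not set, that matches Moe's description of the GPO winning; if the backup cmdlet succeeds but no 845 event follows, the device-side escrow is the thing to look at rather than the policy template. Either way the recovery password itself is never printed, only the protector ID.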