Home

Hybrid Azure AD Join Devices not showing BitLocker recovery codes

%3CLINGO-SUB%20id%3D%22lingo-sub-811164%22%20slang%3D%22en-US%22%3EHybrid%20Azure%20AD%20Join%20Devices%20not%20showing%20BitLocker%20recovery%20codes%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-811164%22%20slang%3D%22en-US%22%3E%3CP%3EHello%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe%20have%20been%20deploying%20a%20lot%20of%20devices%20for%20a%20client%20using%20AutoPilot.%3C%2FP%3E%3CP%3EThey%20have%20a%20relatively%20simple%20setup.%20Only%20a%20couple%20of%20configuration%20profiles%20and%20applications.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EOne%20of%20the%20configuration%20profiles%20is%20to%20enable%20BitLocker%20on%20the%20machines.%3C%2FP%3E%3CP%3EThe%20configuration%20has%20been%20working%20perfectly%20(or%20so%20we%20thought).%26nbsp%3B%3CBR%20%2F%3EToday%20I%20noticed%20that%20the%20majority%20of%20the%20devices%20don't%20show%20BitLocker%20recovery%20codes%20in%20Intune%20Devices%20or%20Azure%20AD%20Devices.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20configuration%20profile%20is%20showing%20as%20successful%20on%20almost%20all%20of%20the%20devices%2C%20but%20most%20of%20the%20ones%20showing%20successful%20don't%20have%20the%20BitLocker%20recovery%20codes.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWe've%20found%20a%20manual%20solution%20which%20is%20to%20open%20Manage%20BitLocker%20and%20use%20the%20Save%20recovery%20code%20to%20cloud%20account.%20This%20pushes%20the%20recovery%20code%20to%20the%20device%20in%20Azure%20AD.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EUnfortunately%2C%20this%20is%20not%20the%20expected%20behaviour%20of%20the%20configuration%20profile%20-%20all%20encrypted%20devices%20should%20be%20showing%20their%20BitLocker%20recovery%20codes.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDoes%20anyone%20know%20how%20we%20can%20resolve%20this%20or%20know%20why%20this%20is%20happening%20this%20way%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-811164%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMobile%20Device%20Management%20(MDM)%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-838693%22%20slang%3D%22en-US%22%3ERe%3A%20Hybrid%20Azure%20AD%20Join%20Devices%20not%20showing%20BitLocker%20recovery%20codes%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-838693%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F329754%22%20target%3D%22_blank%22%3E%40nitvit610%3C%2FA%3E%26nbsp%3BI%20have%20the%20similar%20setup%20and%20when%20contacted%20MS%2C%20they%20mentioned%20that%20this%20is%20by%20design%20if%20we%20allow%20standard%20users%20to%20do%20the%20endpoint%20encryption.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F130226iB71A54A841BB2C8C%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20alt%3D%22clipboard_image_0.png%22%20title%3D%22clipboard_image_0.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWith%20this%20setup%2C%20the%20only%20way%20is%20to%20manually%20upload%20the%20key%20to%20cloud.%20I%20am%20curious%20to%20know%20from%20other%20if%20they%20found%20any%20options%3C%2FP%3E%3C%2FLINGO-BODY%3E
nitvit610
New Contributor

Hello,

 

We have been deploying a lot of devices for a client using AutoPilot.

They have a relatively simple setup. Only a couple of configuration profiles and applications.

 

One of the configuration profiles is to enable BitLocker on the machines.

The configuration has been working perfectly (or so we thought). 
Today I noticed that the majority of the devices don't show BitLocker recovery codes in Intune Devices or Azure AD Devices.

 

The configuration profile is showing as successful on almost all of the devices, but most of the ones showing successful don't have the BitLocker recovery codes.

 

We've found a manual solution which is to open Manage BitLocker and use the Save recovery code to cloud account. This pushes the recovery code to the device in Azure AD.

 

Unfortunately, this is not the expected behaviour of the configuration profile - all encrypted devices should be showing their BitLocker recovery codes.

 

Does anyone know how we can resolve this or know why this is happening this way?

 

Thanks

1 Reply

@nitvit610 I have the similar setup and when contacted MS, they mentioned that this is by design if we allow standard users to do the endpoint encryption.

 

clipboard_image_0.png

 

With this setup, the only way is to manually upload the key to cloud. I am curious to know from other if they found any options

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
30 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
29 Replies