Home
%3CLINGO-SUB%20id%3D%22lingo-sub-1065793%22%20slang%3D%22en-US%22%3EKnown%20Issue%20with%20BitLocker%20Key%20rotation%20for%20Windows%2010%201909%20devices%20in%20Intune%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1065793%22%20slang%3D%22en-US%22%3E%3CP%3EWe%E2%80%99ve%20discovered%20an%20issue%20with%20the%20BitLocker%20Key%20rotation%20feature%20in%20Intune%20on%20recently%20updated%20Windows%2010%20devices.%20When%20you%20configure%20a%20Windows%2010%20device%20version%201909%20to%20support%20rotation%20of%20the%20BitLocker%20recovery%20key%2C%20you%20can%20select%20that%20particular%20device%20in%20the%20console%20and%20enable%20the%20%E2%80%9CBitLocker%20Key%20rotation%E2%80%9D%20remote%20action.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EHowever%2C%20there%20is%20a%20Windows%20bug%20with%20devices%20that%20were%20recently%20upgraded%20from%20version%201903%20to%20version%201909%2C%20where%20this%20remote%20action%20cannot%20be%20enabled.%20The%20action%20fails%20and%20you%20will%20see%20an%20error%20message%20in%20the%20console.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EWe%20are%20in%20the%20process%20of%20releasing%20a%20fix%20for%20this%20issue%20and%20we%E2%80%99ll%20update%20this%20post%20when%20the%20fix%20is%20live%20around%20the%20end%20of%20January.%20More%20information%20on%20key%20rotation%20is%20available%20here%3A%20%3CA%20href%3D%22https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fdocs.microsoft.com%252Fen-us%252Fintune%252Fprotect%252Fencrypt-devices%2523rotate-bitlocker-recovery-keys%26amp%3Bdata%3D04%257C01%257CHimali.Pethe%2540microsoft.com%257C9f329790c3a74a9b4cd108d77e6c9e3e%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C637116877286509549%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C-1%26amp%3Bsdata%3DEwMm01hDDiKiVtbC9NPwQQ5KgqQsscSm%252F1DTf1Cy7co%253D%26amp%3Breserved%3D0%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3ERotate%20BitLocker%20recovery%20keys%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1065793%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EIntune%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3Eknown%20issue%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EWindows%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E

We’ve discovered an issue with the BitLocker Key rotation feature in Intune on recently updated Windows 10 devices. When you configure a Windows 10 device version 1909 to support rotation of the BitLocker recovery key, you can select that particular device in the console and enable the “BitLocker Key rotation” remote action.

 

However, there is a Windows bug with devices that were recently upgraded from version 1903 to version 1909, where this remote action cannot be enabled. The action fails and you will see an error message in the console.

 

We are in the process of releasing a fix for this issue and we’ll update this post when the fix is live around the end of January. More information on key rotation is available here: Rotate BitLocker recovery keys