We're deploying Windows 10 encryption using Intune and we have enabled "Enable BitLocker after recovery information to store: By setting this to Yes, BitLocker recovery information will be saved to Active Directory Domain Services".
We have some computers that are hybrid Azure AD joined but are not able to encrypt the drives due to an error in the BitLocker event logs:
"Failed to backup BitLocker Drive Encryption recovery information to Active Directory Domain Services."
Event ID: 785
If we deploy a read-only domain controller that these devices can communicate with, does that satisfy the requirements?
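A way to inspect an affected device before changing the domain topology, added here as an example and not part of the original question. The script is not Intune's or Microsoft's code; it assumes the built-in BitLocker PowerShell module on Windows 10, local administrator rights, and that event ID 784 in the BitLocker Management log is the success counterpart of the 785 failure quoted above (an assumption to confirm on your own systems). It reports the join state from dsregcmd, lists the recovery password protectors, shows the recent 784/785 events, and retries the escrow to AD DS (and to Azure AD where the device is Azure AD joined) so the cmdlet error, rather than only the event log, tells you why the backup fails.

```powershell
#Requires -RunAsAdministrator
# Added example: check and retry BitLocker recovery key escrow on one volume.
param(
    [string]$MountPoint = 'C:'
)

$vol = Get-BitLockerVolume -MountPoint $MountPoint
# RecoveryPassword protectors are the 48-digit keys that policy escrows to AD DS / Azure AD.
$rp = @($vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
if ($rp.Count -eq 0) {
    # Nothing to back up without a recovery password protector; add one and re-read.
    # (Assumption: the policy expects a RecoveryPassword protector to exist.)
    Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
    $rp = @((Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
            Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
}

# Join state: a hybrid Azure AD joined device reports both of these as YES.
$ds = dsregcmd /status
$azureJoined  = [bool]($ds | Select-String '^\s*AzureAdJoined\s*:\s*YES')
$domainJoined = [bool]($ds | Select-String '^\s*DomainJoined\s*:\s*YES')
Write-Host "AzureAdJoined=$azureJoined DomainJoined=$domainJoined"
Write-Host ("Volume {0}: status={1}, {2} recovery password protector(s)" -f
    $MountPoint, $vol.VolumeStatus, $rp.Count)

# Recent escrow events. 785 is the failure from the question; 784 is assumed to be success.
$log = 'Microsoft-Windows-BitLocker/BitLocker Management'
$events = Get-WinEvent -FilterHashtable @{ LogName = $log; Id = 784, 785 } `
    -MaxEvents 20 -ErrorAction SilentlyContinue
foreach ($e in $events) {
    Write-Host ("{0}  ID {1}  {2}" -f $e.TimeCreated, $e.Id, ($e.Message -split "`n")[0])
}

# Retry the escrow interactively so the cmdlet's own error text is visible.
foreach ($p in $rp) {
    if ($domainJoined) {
        try {
            # Writes the msFVE-RecoveryInformation object under the computer account in AD DS.
            Backup-BitLockerKeyProtector -MountPoint $MountPoint `
                -KeyProtectorId $p.KeyProtectorId -ErrorAction Stop | Out-Null
            Write-Host "AD DS backup OK for $($p.KeyProtectorId)"
        } catch {
            Write-Warning "AD DS backup failed for $($p.KeyProtectorId): $($_.Exception.Message)"
        }
    }
    if ($azureJoined) {
        try {
            # Escrows the same protector to Azure AD (works for hybrid joined devices too).
            BackupToAAD-BitLockerKeyProtector -MountPoint $MountPoint `
                -KeyProtectorId $p.KeyProtectorId -ErrorAction Stop | Out-Null
            Write-Host "Azure AD backup OK for $($p.KeyProtectorId)"
        } catch {
            Write-Warning "Azure AD backup failed for $($p.KeyProtectorId): $($_.Exception.Message)"
        }
    }
}
```

Run it from an elevated PowerShell on one of the failing machines (`.\Check-BitLockerEscrow.ps1 -MountPoint C:`). If the Azure AD escrow succeeds while the AD DS escrow throws, the problem is reachability or permissions against the domain rather than BitLocker itself, which is the distinction that decides whether a new domain controller placement would help.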