BitLocker keys

We store BitLocker keys in AAD and MEM and this works fine for all makes except Microsoft Surface devices.

Reports state they are encrypted but keys are not stored for them.

Has anyone seen this?

As I say, Dell and HP etc. all work as expected, and all devices use the same policy.

Thanks
1 Reply
Hi,

We have seen it also on random devices, and for some reason the BitLocker key isn't escrowed to Azure AD. When looking at the event log we noticed the 846 event in the BitLocker log. So we made sure we created a Proactive Remediation to detect this event, and if it occurred it will try to send the key to Azure AD with a PowerShell command.

https://call4cloud.nl/2021/02/b-for-bitlocker/
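The detect-and-escrow pair the reply describes, written out as an added example (this is not the poster's script or the linked blog's code). It assumes the device is Azure AD joined or hybrid joined, that only the OS volume needs escrow, and that a seven-day lookback is an acceptable policy choice; the log name and the 845/846 event IDs are the standard BitLocker Management log entries for successful and failed recovery-key backup to Azure AD.

```powershell
# Added example (not the original poster's code): Proactive Remediation pair that
# looks for BitLocker event 846 (recovery key backup to Azure AD failed) and, if the
# newest backup event is still a failure, re-attempts escrow with
# BackupToAAD-BitLockerKeyProtector.
# In Endpoint Manager the two functions are uploaded as two separate scripts
# (Detection.ps1 and Remediation.ps1); they are kept in one file here for readability.
# Assumptions: AAD/hybrid-joined device, OS volume only, 7-day lookback window.

$LogName  = 'Microsoft-Windows-BitLocker/BitLocker Management'
$FailId   = 846   # recovery information could NOT be backed up to Azure AD
$OkId     = 845   # recovery information was backed up to Azure AD successfully
$Lookback = (Get-Date).AddDays(-7)

function Test-EscrowFailed {
    # $true when the most recent 845/846 event in the window is a failure, i.e. a
    # later successful backup has not already cleared the problem.
    $events = Get-WinEvent -FilterHashtable @{
        LogName   = $LogName
        Id        = @($FailId, $OkId)
        StartTime = $Lookback
    } -ErrorAction SilentlyContinue | Sort-Object TimeCreated -Descending
    if (-not $events) { return $false }   # no backup activity at all: nothing to act on
    return ($events[0].Id -eq $FailId)
}

function Invoke-EscrowRemediation {
    # Pushes every RecoveryPassword protector on the OS volume to Azure AD.
    # A volume that only has a TPM protector has nothing to escrow, so one is added first.
    $mp  = $env:SystemDrive
    $vol = Get-BitLockerVolume -MountPoint $mp
    if ($vol.VolumeStatus -eq 'FullyDecrypted') {
        throw "BitLocker is not enabled on $mp"
    }
    $rp = @($vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword')
    if ($rp.Count -eq 0) {
        Add-BitLockerKeyProtector -MountPoint $mp -RecoveryPasswordProtector | Out-Null
        $rp = @((Get-BitLockerVolume -MountPoint $mp).KeyProtector |
                Where-Object KeyProtectorType -eq 'RecoveryPassword')
    }
    foreach ($p in $rp) {
        # Throws when the backup fails (for example a device that is not AAD joined);
        # the Remediation.ps1 wrapper below turns that into exit code 1.
        BackupToAAD-BitLockerKeyProtector -MountPoint $mp -KeyProtectorId $p.KeyProtectorId
    }
    return $rp.Count
}

# ---- Detection.ps1 body: exit 1 tells Intune to run the remediation script ----
# if (Test-EscrowFailed) { Write-Output 'Event 846 found, key not escrowed'; exit 1 }
# Write-Output 'No recent escrow failure'; exit 0

# ---- Remediation.ps1 body ----
# try {
#     $n = Invoke-EscrowRemediation
#     Write-Output "Escrowed $n recovery password protector(s) to Azure AD"; exit 0
# } catch {
#     Write-Output "Escrow failed: $($_.Exception.Message)"; exit 1
# }
```

Both scripts need to run in the 64-bit PowerShell host as SYSTEM (the BitLocker module is not available to the 32-bit host). After the remediation runs, confirm the key actually landed by checking for a fresh event 845 on the device and for the recovery key on the device's page in Azure AD or the MEM admin center; a successful exit code only says the cmdlet did not throw.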