Existing / In Use / Already Encrypted W10 Devices - BL Keys to Azure AD


Hi All


Is there a way to port BitLocker keys on existing / in use devices that have already been encrypted (manually or outwith Intune) to Azure AD?


Info appreciated

3 Replies
First have a policy in place that saves the key to AAD, then you would have to force a key rotation for every device.

@Thijs Lecomte 


Hey, can you elaborate on this?



Hi @Stuart King 


This would be my way of working:

- Create an Intune policy to enable encryption and store the key in AAD

- Disable the policy in the local AD

- Force a key rotation on all machines (https://www.scconfigmgr.com/2019/11/20/enable-bitlocker-key-rotation-for-intune-managed-devices/)
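As an added example (not code from any reply in this thread), the following PowerShell script escrows the recovery password of an already-encrypted volume to Azure AD directly, using the built-in BackupToAAD-BitLockerKeyProtector cmdlet from the BitLocker module, rather than relying on the key-rotation step above. It assumes the device is Azure AD joined or hybrid joined (checked with dsregcmd) and is run elevated on the device itself, for instance as SYSTEM through an Intune or ConfigMgr script; those assumptions are mine and are not stated in the thread.

```powershell
#Requires -RunAsAdministrator
# Added example: push existing BitLocker recovery passwords on an already-encrypted
# Windows 10 device to Azure AD. Assumption (not from the thread): the device is
# Azure AD joined or hybrid joined and the BitLocker module ships with the OS.
Import-Module BitLocker -ErrorAction Stop

function Test-AzureAdJoined {
    # dsregcmd /status prints "AzureAdJoined : YES" on AAD-joined and hybrid-joined devices
    $status = dsregcmd /status
    return [bool]($status -match '^\s*AzureAdJoined\s*:\s*YES')
}

function Backup-BitLockerKeysToAad {
    [CmdletBinding()]
    param()

    $results = @()
    $volumes = Get-BitLockerVolume |
        Where-Object { $_.VolumeStatus -in 'FullyEncrypted', 'EncryptionInProgress' }

    foreach ($vol in $volumes) {
        $mp = $vol.MountPoint
        # Only RecoveryPassword protectors can be escrowed to Azure AD; TPM, PIN and
        # external-key protectors are never stored there.
        $rp = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
        if (-not $rp) {
            # A manually encrypted volume may carry only a TPM protector: add a
            # recovery password so there is something to back up.
            Add-BitLockerKeyProtector -MountPoint $mp -RecoveryPasswordProtector | Out-Null
            $rp = (Get-BitLockerVolume -MountPoint $mp).KeyProtector |
                Where-Object KeyProtectorType -eq 'RecoveryPassword'
        }
        foreach ($p in $rp) {
            try {
                BackupToAAD-BitLockerKeyProtector -MountPoint $mp `
                    -KeyProtectorId $p.KeyProtectorId -ErrorAction Stop | Out-Null
                $results += [pscustomobject]@{
                    MountPoint = $mp; KeyProtectorId = $p.KeyProtectorId; Status = 'BackedUp'
                }
            } catch {
                $results += [pscustomobject]@{
                    MountPoint = $mp; KeyProtectorId = $p.KeyProtectorId
                    Status = "Failed: $($_.Exception.Message)"
                }
            }
        }
    }
    return $results
}

if (-not (Test-AzureAdJoined)) {
    throw 'Device is not Azure AD joined; there is no tenant to escrow the key to.'
}
Backup-BitLockerKeysToAad | Format-Table -AutoSize
```

Two checks are worth making after running it. On the device, a successful escrow logs event ID 845 in the Microsoft-Windows-BitLocker/BitLocker Management event log, which you can pull with Get-WinEvent -FilterHashtable @{LogName='Microsoft-Windows-BitLocker/BitLocker Management'; Id=845}; in the portal, the key should then be listed under the device object in Azure AD. Note that this escrows the current recovery password without changing it, so if that password was ever written down or handed out while the device was being encrypted outside Intune, the rotation step in the reply above is still the right follow-up.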