Hybrid Azure AD Join Devices not showing BitLocker recovery codes

nitvit610
Occasional Contributor

Hello,

We have been deploying a lot of devices for a client using AutoPilot.

They have a relatively simple setup. Only a couple of configuration profiles and applications.

One of the configuration profiles is to enable BitLocker on the machines.

The configuration has been working perfectly (or so we thought).
Today I noticed that the majority of the devices don't show BitLocker recovery codes in Intune Devices or Azure AD Devices.

The configuration profile is showing as successful on almost all of the devices, but most of the ones showing successful don't have the BitLocker recovery codes.

We've found a manual solution, which is to open Manage BitLocker and use "Save recovery code to cloud account". This pushes the recovery code to the device in Azure AD.

Unfortunately, this is not the expected behaviour of the configuration profile - all encrypted devices should be showing their BitLocker recovery codes.

Does anyone know how we can resolve this or know why this is happening this way?

Thanks
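The manual workaround described above ("Save recovery code to cloud account" in Manage BitLocker) can be scripted and verified per device. The following is an added example, not code from the original thread; it uses the built-in BitLocker PowerShell module and assumes it is run elevated on the Azure AD joined or hybrid joined device, with `C:` as the OS drive. It makes sure a recovery-password protector exists, escrows every recovery-password protector to Azure AD, and then reads the BitLocker Management event log to confirm whether the backup succeeded.

```powershell
# Added example (not from the original post): ensure a BitLocker recovery password
# exists on the OS drive, escrow it to Azure AD, and confirm the result from the
# BitLocker Management event log. Run in an elevated PowerShell session on the device.

$MountPoint = "C:"   # assumption: the OS drive letter

$volume = Get-BitLockerVolume -MountPoint $MountPoint
if ($volume.ProtectionStatus -ne 'On') {
    Write-Warning "Protection is '$($volume.ProtectionStatus)' on $MountPoint; nothing to escrow."
    return
}

# A recovery password is the protector type that Intune/Azure AD stores.
# Add one if the volume only has TPM (or other) protectors.
$recoveryProtectors = $volume.KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
if (-not $recoveryProtectors) {
    Write-Output "No RecoveryPassword protector on $MountPoint; adding one."
    Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
    $recoveryProtectors = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
}

foreach ($kp in $recoveryProtectors) {
    # Same action as 'Save recovery key to your Azure AD account' in Manage BitLocker.
    BackupToAAD-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $kp.KeyProtectorId
    Write-Output "Requested Azure AD backup for protector $($kp.KeyProtectorId)"
}

# Confirm the outcome: event 845 = recovery information backed up to Azure AD,
# event 846 = backup to Azure AD failed. Only the last few minutes are shown.
Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-BitLocker/BitLocker Management'
    Id        = 845, 846
    StartTime = (Get-Date).AddMinutes(-5)
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-List
```

If the log shows 846 rather than 845, the device's Azure AD join state (`dsregcmd /status`) is the first thing to check, since the escrow only works when the device identity can authenticate to Azure AD. Once 845 is logged, the key should appear under the device in Azure AD and Intune after the next sync.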

1 Reply

@nitvit610 I have a similar setup, and when I contacted MS, they mentioned that this is by design if we allow standard users to do the endpoint encryption.

[Image attachment: clipboard_image_0.png]

With this setup, the only way is to manually upload the key to the cloud. I am curious to know from others if they found any options.
