Various Bitlocker policies in Intune

Iron Contributor

What is the difference (and the purpose of having two places) between configured BT policy in:

 

Devices | Configuration profiles | Endpoint protection | Configuration settings | Windows Encryption

vs

Endpoint security | Disk encryption

 

The first one is full set of configurable options, while the second one has some subset (not even an option for BitLocker recovery Information stored to Azure Active Directory = Backup recovery passwords only)

With only the Endpoint security | Disk encryption policy applied, I have NO keys in Azure No BitLocker recovery key found for this device

 

Anybody any ideas?

 

Seb

7 Replies
2 questions...

1. I would stick with the endpoint security one..
2. I bet you didn't configured the settings... if you configure the BitLocker - Fixed Drive Settings you could configure the Require device to back up recovery information to Azure AD

@SebCerazy +1 to @Rudy_Ooms_MVP  comments. Also, you may want to check in the BitLocker event logs on the endpoint to look for clues. 

@Rudy_Ooms_MVP 

 

Why would you assume I did not configure something?

 

SebastianCerazy_0-1676989957469.png

 

@rahuljindal-MVP 

 

Are the logs going to give me an answer to this question?

 

What is the difference (and the purpose of having two places) between configured BT policy in:

 

Devices | Configuration profiles | Endpoint protection | Configuration settings | Windows Encryption

vs

Endpoint security | Disk encryption

Because you didnt showed the settings when first posting the question... I am not good at guessing how each setting could be configured 🙂
Assume that if somebody serious ask a question, they did check all before (I am not an end user)
Good luck with getting answers then.