Weird story: We have close to 100 workgroup laptops which are managed in SCCM (ICBM). We want to move them to Intune only without CMG. They all have BitLocker enabled on them. Here is what we do:
Uninstall SCCM Client
Change OS from education to pro
Join to azure with laptop's owner user account
backup BitLocker recovery key to cloud
Set user as standard user.
Most of these laptops are 1803 and we want them to be upgraded via Intune. After 15 successful laptops, a laptop was unable to backup to domain cloud. Checking with google I found out that an event log folder names BitLocker-API contains all the information about the BitLocker encryption process. I found error 846 detailing "Access Denied". My google search found nothing so far.
I decided to manually upgrade to 1909 and got the same result in my BitLocker. I than attempted to disconnect from Azure, delete the computer from both Intune and Azure and rejoin to Azure. This time I got both the "Can't backup to domain cloud" and "Your Active Directory domain schema isn't configure" ???
I am at a loss, I can't reset the computer because of the Corona Virus.