Windows 10: Bitlocker Azure Joined - Save recovery key to cloud greyed out

Discussion in 'Windows 10 Customization' started by Rtechsupp, Mar 17, 2021.

  1. Rtechsupp Win User

    Bitlocker Azure Joined - Save recovery key to cloud greyed out


    Hi


    Azure domain joined machine.

    Machine was encrypted fine for a few months, then showed an error about not being able to complete encryption.

    Machine was decrypted to try to resolve it.

    When trying to re-encrypt the machine, the only option I get which isn't greyed out for saving the recovery key is 'save to USB drive'.


    The option I should be able to choose is 'save to azure cloud account'.


    The recovery key from the first time the machine was encrypted is still showing in Azure admin centre fine.


    Troubleshooting done:

    All Windows profiles have the same issue.

    Removing the machine from the domain and re-adding it, still has the issue.

    Enabling BitLocker through PowerShell doesn't fix it.


    I have been passed from the Office 365 team, to the Azure team, to the Windows team, and now Windows have told me to go raise it with Azure again.

    :)
     
    Rtechsupp, Mar 17, 2021
    #1
  2. Alenat Win User

    Bitlocker to Go - option to save recovery key "Save to your cloud domain" is missing.

    Hi,

    I am implementing Bitlocker to Go for my Customer. All machines are joined to Azure AD and users are in AAD too (sync'ed from on-prem using AAD Connect). OS drive is encrypted using Bitlocker and recovery keys for OS drive are successfully saved in AAD and accessible under a user profile.

    When I try to enable Bitlocker to Go on removable media I expect to see "save to your cloud domain account" option in addition to "Print the recovery key" and "Save to a file" options for recovery key location. Unfortunately "in your Cloud domain option" is not available.

    If I encrypt a data drive, this option is available. So it looks like it is missing for removable media only... I am wondering if it is by design or I am missing something?

    One more note: the device is managed by Intune, and the option to save the recovery key in AAD is enabled for OS Drive and Data drives, but Intune does not have such an option for removable media...

    Regards,

    Alex
     
    Alenat, Mar 17, 2021
    #2
  3. DET_q Win User
    Unable to save BitLocker recovery key to cloud domain account

    I have enabled BitLocker after upgrading to Windows 10 Pro account (from Windows 10 Home). My internal hard drive appeared to be already encrypted (not sure how) and there is a recovery key listed in my cloud domain account. I have now encrypted my external backup drive also, and am trying to store the recovery key for that drive in my account. I click "Save to your cloud domain account", and a pop up appears saying "please wait while recovery key is saved". This completes, with no errors displayed. But when I look in my cloud account, I still just see the original recovery key from my internal drive listed, and no new key appears in the list. If I save the key to file, it saves fine (but that is not a good long term solution for me). Does anyone know how to actually save this key to the cloud account?

    Thanks
     
    DET_q, Mar 17, 2021
    #3
  4. Bitlocker Azure Joined - Save recovery key to cloud greyed out

    Bitlocker and Azure Active Directory

    When setting up Bitlocker on an Azure AD connected device, you have the following options: https://i.imgur.com/MHbPBu6.png

    A question about the exact wording of "Save to your cloud domain account". IMO that's not totally clear where it stores it. It infers, to me, that it would save it against my user domain account. However, I suspect it's saved against the device in Azure AD as that's the only place I can see this. Is this correct?

    At the moment, the laptops are set-up by IT using their own account and a key step is to save the Bitlocker key. However, when a user first logs on, we also save it there. I suspect this later step is not needed.

    Supplemental question - on the page linked below (which is the link from the Bitlocker screen), it says to access your Microsoft Azure account to get the Bitlocker key:

    Find my BitLocker recovery key

    Can I also confirm that this is misleading for normal users, as the profile page that this takes you to has no information about Bitlocker:

    https://i.imgur.com/MeWkcdN.png

    And that the only way a user can retrieve their Bitlocker recovery key is to ask an admin with access to the Azure portal to look it up based upon their computer name?
     
    Rob-Nicholson-Malt, Mar 17, 2021
    #4
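
For the situation described in the posts above (an Azure AD joined device where the "save to cloud" option is greyed out, or where the save reports no error but no key appears), the recovery password protector can be checked and escrowed from an elevated PowerShell session, and the result confirmed in the BitLocker event log. This is an added example, not part of any post in the thread; the drive letter `C:` and the one-hour event window are assumptions.

```powershell
# Added example; run in an elevated PowerShell session on the affected device.
# Assumption: the volume in question is C: (change $MountPoint for other drives).
$MountPoint = 'C:'

# 1. Confirm the join state first. Escrow to Azure AD depends on the device
#    reporting "AzureAdJoined : YES" in dsregcmd output.
$join = dsregcmd /status | Select-String -Pattern 'AzureAdJoined\s*:\s*(\w+)'
if (-not $join -or $join.Matches[0].Groups[1].Value -ne 'YES') {
    throw 'Device does not report AzureAdJoined : YES; fix the join state before escrowing keys.'
}

# 2. List the recovery password protectors currently on the volume.
$volume   = Get-BitLockerVolume -MountPoint $MountPoint
$recovery = @($volume.KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

# 3. A volume that was fully decrypted may have no protectors left; add a
#    recovery password so there is something to escrow.
if ($recovery.Count -eq 0) {
    Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
    $recovery = @((Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })
}

# 4. Escrow every recovery password protector to Azure AD. Only the protector
#    ID is printed here; the 48-digit recovery password is never written out.
foreach ($kp in $recovery) {
    BackupToAAD-BitLockerKeyProtector -MountPoint $MountPoint `
        -KeyProtectorId $kp.KeyProtectorId | Out-Null
    Write-Output "Escrow requested for protector $($kp.KeyProtectorId)"
}

# 5. Verify instead of trusting a silent success: event ID 845 in the
#    BitLocker management log records a successful backup to Azure AD.
$since = (Get-Date).AddHours(-1)
$events = Get-WinEvent -ErrorAction SilentlyContinue -FilterHashtable @{
    LogName   = 'Microsoft-Windows-BitLocker/BitLocker Management'
    Id        = 845
    StartTime = $since
}
if ($events) {
    $events | Select-Object TimeCreated, Id, Message | Format-List
} else {
    Write-Warning 'No event 845 in the last hour; review the BitLocker Management log for errors.'
}
```

The protector ID printed in step 4 is the value to match against the key ID shown on the device object in the Azure portal.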