Azure AD – New way to find the BitLocker recovery key
As you know when you enable BitLocker with Intune you have the option (highly recommended by the way) to save the recovery key into Azure AD.
cubesys, Aug 27, 2020
Recently I came across the following error when turning on BitLocker:
BitLocker Drive Encryption cannot be applied to this drive because there are conflicting Group Policy settings for recovery options on fixed data drives.
Before starting the troubleshooting I had also seen this error:
You can’t create both a recovery password and a recovery key
The policy that enables and enforces BitLocker is set in Intune/Endpoint Configuration Manager, and the device had been refreshed (reset and re-provisioned through Autopilot).
The device already had BitLocker enabled before the refresh and its re-assignment to another user.
After some troubleshooting and investigation, the root cause of this ‘so called conflict’ turned out to be a leftover policy registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\FVE
with the following values:
“FDVRecoveryPassword”=dword:00000000
“FDVRequireActiveDirectoryBackup”=dword:00000001
These two values contradict each other: FDVRecoveryPassword=0 forbids the 48-digit recovery password for fixed data drives, while FDVRequireActiveDirectoryBackup=1 requires the recovery information to be backed up to AD DS before BitLocker may be enabled, and that backup needs a recovery password. That is exactly the conflict the error message describes.
The Intune policy had not set these values; they were left over from the device's configuration before the refresh (it already had BitLocker enabled) and should not be present when BitLocker is managed by Intune.
Deleting the complete FVE key solved the problem. Export the key first so it can be restored if anything else turns out to depend on it, then let the Intune policy re-apply on the next sync before retrying BitLocker.
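The following script is an added example, not code from the cubesys post. It inspects the FVE policy key on the affected device, reports the recovery-option pair that produces the error (recovery password disallowed while AD DS backup is required), exports the key to a .reg file and, only when asked, removes it. It assumes the standard policy path shown above; the -Fix switch, the backup directory and the extra check of the OS-drive and removable-drive variants (OS* and RDV*, which use the same value encoding) are this example's own choices and go beyond the fixed-data-drive case in the post. Run it from an elevated PowerShell session.

```powershell
# Added example (not from the original post): detect and clean up the leftover
# FVE policy key that blocks Intune-managed BitLocker with a recovery-option conflict.
# Assumptions: standard FVE policy path; -Fix and -BackupDir are this example's own.
param(
    [switch]$Fix,
    [string]$BackupDir = "$env:ProgramData\FVE-backup"
)

$fvePath    = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
$fveRegPath = 'HKLM\SOFTWARE\Policies\Microsoft\FVE'   # reg.exe syntax

# Value semantics (same for OS, FDV and RDV prefixes):
#   <prefix>RecoveryPassword            0 = not allowed, 1 = required, 2 = allowed
#   <prefix>RequireActiveDirectoryBackup 1 = do not enable BitLocker until recovery
#                                         info is stored in AD DS (needs a password)
function Get-FveRecoveryConflicts {
    if (-not (Test-Path $fvePath)) {
        Write-Host "No FVE policy key at $fvePath - nothing to clean up."
        return @()
    }
    $props = Get-ItemProperty -Path $fvePath
    $conflicts = @()
    foreach ($prefix in 'OS', 'FDV', 'RDV') {
        $pw  = $props."${prefix}RecoveryPassword"
        $req = $props."${prefix}RequireActiveDirectoryBackup"
        if ($null -ne $pw -or $null -ne $req) {
            Write-Host ("{0}: RecoveryPassword={1} RequireActiveDirectoryBackup={2}" -f $prefix, $pw, $req)
        }
        # Password forbidden but AD DS backup required: the exact conflict from the post.
        if ($pw -eq 0 -and $req -eq 1) { $conflicts += $prefix }
    }
    return $conflicts
}

function Backup-FveKey {
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    $file = Join-Path $BackupDir ("FVE-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))
    & reg.exe export $fveRegPath $file /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg.exe export failed with exit code $LASTEXITCODE" }
    return $file
}

$conflicts = Get-FveRecoveryConflicts
if ($conflicts.Count -eq 0) {
    Write-Host "No recovery-option conflict found."
    return
}

Write-Warning ("Recovery-option conflict for drive type(s): {0} " +
               "(recovery password disallowed but AD DS backup required)" -f ($conflicts -join ', '))

if (-not $Fix) {
    Write-Host "Re-run with -Fix to export the key to $BackupDir and delete it."
    return
}

$backup = Backup-FveKey
Write-Host "Exported $fvePath to $backup"
Remove-Item -Path $fvePath -Recurse -Force
Write-Host "Removed $fvePath. Trigger an Intune sync (or wait for the next one) so the MDM policy is re-evaluated, then retry enabling BitLocker."

# Current volume state, useful before and after the fix (BitLocker module cmdlet).
Get-BitLockerVolume | Select-Object MountPoint, VolumeStatus, ProtectionStatus, EncryptionMethod
```

Running the script without -Fix is read-only and safe to use for triage across a fleet; the exported .reg file lets you restore the key with reg import if any other policy turns out to depend on it.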