Converting from storing your BitLocker keys in Active Directory to Azure AD? Good choice, together with Microsoft Intune you are very well positioned to manage BitLocker, with support of Key rotation from Intune and client side.

But maybe you noticed that not all your Windows device have stored the keys in Azure AD? No problem here is a quick and simple PowerShell script/oneliner to backup your recovery key to Azure AD

BackupToAAD-BitLockerKeyProtector -MountPoint $env:SystemDrive -KeyProtectorId ((Get-BitLockerVolume -MountPoint $env:SystemDrive ).KeyProtector | where {$_.KeyProtectorType -eq "RecoveryPassword" }).KeyProtectorId

BackupToAAD-BitLockerKeyProtector saves the key to Azure AD but it needs some input

Mountpoint – the systemdrive, usally C:

KeyProtectorId – the Id of the KeyProtector of RecoveryPassword type

Deploy and wait… the result should more or less be instant