BitLocker Recovery Keys in a Hybrid AAD Joined Device
When configuring BitLocker through an Endpoint protection policy on a hybrid joined device, the setting "Store Recovery information in Azure Active Directory before enabling BitLocker" appears to set the OSRequireActiveDirectoryBackup_Name OMA-URI, which causes the key to be backed up to the on-prem AD DS and does not store the key in Azure AD.
The wording of this setting should be changed to reflect what it actually does; ideally it would back the key up to both locations for a hybrid joined device.
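As an added illustration (not part of the original post, and not something the policy setting itself does), the following PowerShell shows how an administrator can check which recovery protectors exist on the OS drive of a hybrid joined device, escrow them to Azure AD with the built-in `BackupToAAD-BitLockerKeyProtector` cmdlet from the BitLocker module, and confirm the escrow from the BitLocker Management event log. It assumes the device is already Azure AD registered or hybrid joined (visible in `dsregcmd /status`) and that the script runs elevated.

```powershell
# Added example: verify and escrow BitLocker recovery passwords to Azure AD.
# Not the Endpoint protection policy's own behaviour; this is a manual check
# and workaround run on the device. Requires an elevated session.

$osDrive = $env:SystemDrive
$volume  = Get-BitLockerVolume -MountPoint $osDrive

# Only RecoveryPassword protectors (the 48-digit key) can be escrowed to AAD.
$recoveryProtectors = $volume.KeyProtector |
    Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }

if (-not $recoveryProtectors) {
    Write-Warning "No recovery password protector on $osDrive; add one before escrowing."
    return
}

foreach ($kp in $recoveryProtectors) {
    Write-Output "Escrowing protector $($kp.KeyProtectorId) on $osDrive to Azure AD"
    BackupToAAD-BitLockerKeyProtector -MountPoint $osDrive -KeyProtectorId $kp.KeyProtectorId
}

# Confirm the escrow: event ID 845 in this log records a successful backup to
# Azure AD, 846 a failure. Only the most recent few events are shown here.
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-BitLocker/BitLocker Management'
    Id      = 845, 846
} -MaxEvents 5 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
```

Note that this escrows the key against the device object in Azure AD; whether the signed-in user can then see it through self-service recovery is exactly the gap the thread describes, so the event log check should be paired with a look at the device's BitLocker keys in the Azure AD portal.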
It seems to store these only against the device for hybrid joined devices, so the self-service recovery for the user is useless. It would be nice if these could move to the known user of a device.
I agree, this would be great so we can have the BitLocker Recovery keys saved to Azure AD for both Azure AD Joined computers as well as Hybrid Azure AD Joined ones, of which we still have many.