For multiple recovery keys, based on my research, it may be caused by the BitLocker process being interrupted partway, either due to machine-level issues such as with the TPM or due to end-user actions; the process then starts again, causing the service to generate multiple keys. If you have more questions, you can open a case with AAD or Windows support to learn more. https://learn.microsoft.com/en-us/answers/questions/504127/why-bitlocker-recovery-keys-generated-multiple-tim.html
In your description, I notice the device shows as not compliant after we enable Secure Boot. Could you check whether the user's check-in time has updated? If not, please go to the affected device, install Company Portal, open it, tap Device, select the device and, under Device Status, click "Check access" to see if the compliance status changes.
BitLocker is a Windows security feature that protects your data by encrypting your drives. This encryption ensures that if someone tries to access a disk offline, they won't be able to read any of its content.
If anything changes on the disk/drive that has BitLocker, then a new recovery key will be generated. When you complete a clean install, you will see another key if you enable BitLocker or it is enabled automatically.
BitLocker stores system details when first turned on and prompts for a recovery key if major changes are detected. If prompted on every startup, one can update BitLocker's record of the system by suspending and resuming BitLocker.
Each computer that has BitLocker set up will require that this process be carried out, and a new, unique recovery key be created for each device and drive.
Skip the first BitLocker recovery key prompt by pressing Esc
4. Skip the second BitLocker recovery key prompt by selecting Skip This Drive in the bottom right
5. Navigate to Troubleshoot > Advanced Options > Command Prompt
6. Type bcdedit /set {default} safeboot minimal, then press Enter
7.
BitLocker is a Microsoft encryption product that is designed to protect user data on a computer. If a problem with BitLocker occurs, you encounter a prompt for a BitLocker recovery key. If you do not have a working recovery key for the BitLocker prompt, you are unable to access the computer.
The BitLocker recovery key is created when a file system is BitLocker encrypted. Provided the file system is not reformatted and BitLocker is not turned off, the key remains the same. If you reapply BitLocker, a new recovery key will be created.
In most situations, your BitLocker recovery key is automatically backed up when BitLocker is first activated: If you use a Microsoft account, the BitLocker recovery key is typically attached to it, and you can access the recovery key online.
Open File Explorer, and right-click the BitLocker encrypted drive, and then click Unlock Drive. If you do not remember your Windows BitLocker password, click More Options, and then click Enter recovery key. Enter the BitLocker recovery key to unlock the drive. The recovery key is created when BitLocker is first set up.
If the computer shows the BitLocker recovery screen after power-on, it means that the HDD/SSD has been encrypted (the HDD/SSD is locked). Replacing PC hardware components or changing BIOS settings may cause the system to show the BitLocker recovery screen after power-on.
BitLocker keys don't expire. The only time you would need to do this is when the machine protected by BitLocker is reimaged or the TPM subsystem is reset in some way. Then you need to reset the computer account in AD to remove the BitLocker information.
If a period of 320 minutes elapses with no authorization failures, the TPM does not remember any authorization failures, and 32 failed attempts could occur again. In short, you can fat-finger the BitLocker recovery key as many times as you want as long as you are willing to wait.