# BitLocker

{% embed url="https://rahuljindalmyit.blogspot.com/2021/06/how-to-force-escrowing-of-bitlocker.html" %}

PowerShell script to escrow the recovery key:

```powershell
# Escrow the BitLocker recovery password of the OS drive to Azure AD / Intune.
# Returns $true on success, $false on any failure (so Intune / a wrapper can act on it).
try {
    $BitlockerVol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
    $KPID = ""
    # Pick the first RecoveryPassword protector on the volume; that is the one Azure AD stores
    foreach ($KP in $BitlockerVol.KeyProtector) {
        if ($KP.KeyProtectorType -eq "RecoveryPassword") {
            $KPID = $KP.KeyProtectorId
            break
        }
    }
    if ([string]::IsNullOrEmpty($KPID)) {
        throw "No RecoveryPassword protector found on $($env:SystemDrive)"
    }
    # Push the protector to Azure AD; the key then shows up on the device record in Intune / Azure AD
    $output = BackupToAAD-BitLockerKeyProtector -MountPoint "$($env:SystemDrive)" -KeyProtectorId $KPID -ErrorAction Stop
    return $true
}
catch {
    return $false
}
```

If you run this script, the recovery key is pushed out to Intune and Azure AD. If you hit any issue, refer to the blog post linked above.
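The script above only handles the OS drive and fails when no RecoveryPassword protector exists yet. The following is an added example (my own code, not from the page or the linked blog) that escrows every encrypted volume, creates a RecoveryPassword protector first where one is missing, and reports the outcome per volume. It assumes the device is Azure AD joined or hybrid joined and that the script runs elevated; the function name `Invoke-BitLockerRecoveryKeyEscrow` is my own.

```powershell
# Added example (not the page's or the blog's own code): escrow the recovery password of
# every BitLocker-protected volume to Azure AD, creating one where it is missing.
# Assumes: Azure AD / hybrid joined device, elevated session, BitLocker module available.
function Invoke-BitLockerRecoveryKeyEscrow {
    [CmdletBinding()]
    param()

    $results = @()
    # Only volumes that are encrypted (or still encrypting) have a protector worth escrowing
    $volumes = Get-BitLockerVolume | Where-Object { $_.VolumeStatus -ne 'FullyDecrypted' }

    foreach ($vol in $volumes) {
        $mount  = $vol.MountPoint
        $status = [ordered]@{ MountPoint = $mount; ProtectorIds = ''; Escrowed = $false; Error = $null }
        try {
            $rp = $vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
            if (-not $rp) {
                # Without a numerical recovery password there is nothing Azure AD / Intune can store
                Add-BitLockerKeyProtector -MountPoint $mount -RecoveryPasswordProtector -ErrorAction Stop | Out-Null
                $rp = (Get-BitLockerVolume -MountPoint $mount).KeyProtector |
                      Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
            }
            # A volume may carry several recovery passwords; escrow each so any of them is usable
            $ids = @()
            foreach ($protector in $rp) {
                BackupToAAD-BitLockerKeyProtector -MountPoint $mount `
                    -KeyProtectorId $protector.KeyProtectorId -ErrorAction Stop | Out-Null
                $ids += $protector.KeyProtectorId
            }
            # Only protector IDs are recorded, never the recovery password itself
            $status.ProtectorIds = $ids -join ';'
            $status.Escrowed     = $true
        }
        catch {
            $status.Escrowed = $false
            $status.Error    = $_.Exception.Message
        }
        $results += [pscustomobject]$status
    }
    return $results
}

# Usage: run elevated, then inspect the per-volume outcome
$escrow = Invoke-BitLockerRecoveryKeyEscrow
$escrow | Format-Table MountPoint, ProtectorIds, Escrowed, Error -AutoSize
# Non-zero exit lets Intune flag the script run as failed when any volume was not escrowed
if ($escrow | Where-Object { -not $_.Escrowed }) { exit 1 } else { exit 0 }
```

The function deliberately logs protector IDs rather than the 48-digit recovery password, so the script output can be collected centrally without leaking the key; the actual password lives only in the Azure AD device record after escrow.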

To sync a BitLocker recovery key from on-premises to Azure AD, you can follow these general steps:

1. **Set up Azure AD Connect.** Azure AD Connect is a tool that enables synchronization between your on-premises Active Directory and Azure AD. If you haven't already, install and configure Azure AD Connect on your on-premises server.

2. **Verify BitLocker recovery key attributes.** In order to sync the BitLocker recovery key to Azure AD, you need to ensure that the relevant attributes are synchronized. By default, the BitLocker recovery key is stored in the msFVE-RecoveryInformation attribute of the computer object in Active Directory. Confirm that this attribute is included in the synchronization scope of Azure AD Connect.

3. **Configure BitLocker recovery key synchronization.** To enable the synchronization of BitLocker recovery keys to Azure AD, you'll need to configure Azure AD Connect accordingly. Here's how:
   a. Launch the Azure AD Connect configuration wizard on your on-premises server.
   b. Go through the initial screens until you reach the "Optional features" section.
   c. Select the "Directory extension attribute sync" option.
   d. On the following screen, select the attribute that contains the BitLocker recovery key (typically msFVE-RecoveryInformation).
   e. Complete the configuration wizard and let the synchronization process run.

4. **Verify BitLocker recovery key synchronization.** Once the synchronization process is complete, you can verify that the BitLocker recovery key is synchronized to Azure AD. To do this, follow these steps:
   a. Log in to the Azure portal ([portal.azure.com](http://portal.azure.com/)) with appropriate credentials.
   b. Navigate to the Azure Active Directory service.
   c. Select "Devices" from the left-hand menu.
   d. Choose "All devices" to view the list of devices synced from on-premises.
   e. Locate the device for which you want to check the BitLocker recovery key.
   f. Open the device details and look for the BitLocker recovery key information.

<https://www.youtube.com/watch?v=EZuNLPl9wBw&list=PLHXzXCngat9EHMOZ6BoV-foQ6B07D7W_R&index=12>
