Work or School account login doesn't allow Bitlocker Key to be saved to Azure AD?

Chris Kenward
When trying to get Bitlocker key saved to the Azure AD, I sometimes get this:

Can't sign in to your Microsoft Account
You need to be signed in to Windows with a Microsoft
account to save your recovery key. Sign out and then
sign in with a Microsoft account or go to
Settings and choose Accounts to change your
existing account.

This doesn't make sense to me. The user is signed in to his "Work or School" account, which appears to register him not only with the Microsoft 365 apps etc. but also registers him and the laptop in the Azure Active Directory for the organisation. Under "Devices" in the AD his device appears with the correct name.

It's only when attempting to save the BL key to the AD that we have this issue.

Is there perhaps another way to get the user signed in to the domain account but without having to tell Windows that the laptop is an organisation's laptop?

Confused of Berkshire!
Isn't it strange - you struggle and struggle with something, then decide to ask for help.... then find the solution yourself! :)

For anyone else who is trying to get this to work, the answer is that the local user on the computer must have an Administrator-type account, not a Standard User account. Once the user has been elevated to Administrator, the Bitlocker Key is saved nicely to the Active Directory.

Once the keys are saved to Azure's AD, simply downgrade the user again to "Standard User" and all shall be fine.

Apologies for asking a question and then almost immediately finding the answer. I hope my solution helps someone else in the same predicament.
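For anyone automating the step described in the answer above, the following PowerShell performs the escrow from an elevated session. It is an added example, not code from the original post, and assumes a Windows 10/11 device with the BitLocker PowerShell module (the `BackupToAAD-BitLockerKeyProtector` cmdlet) that is already Azure AD joined or registered.

```powershell
# Added example (not from the original post). Assumes an Azure AD joined or
# registered Windows 10/11 device with the BitLocker module, run elevated.
#Requires -RunAsAdministrator

# 1. Confirm the device actually has an Azure AD relationship; without one
#    there is nowhere to escrow the recovery key, whatever the account type.
$status = (dsregcmd /status) -join "`n"
$joined = $status -match 'AzureAdJoined\s*:\s*YES'
$registered = $status -match 'WorkplaceJoined\s*:\s*YES'
if (-not ($joined -or $registered)) {
    throw "Device is neither Azure AD joined nor Azure AD registered; cannot escrow the key."
}

# 2. Escrow every recovery-password protector on every encrypted volume.
$volumes = Get-BitLockerVolume | Where-Object { $_.VolumeStatus -ne 'FullyDecrypted' }
foreach ($vol in $volumes) {
    $recovery = $vol.KeyProtector | Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' }
    if (-not $recovery) {
        # A volume protected only by TPM has no recovery password to back up.
        Write-Warning "$($vol.MountPoint): no recovery password protector; add one with Add-BitLockerKeyProtector -RecoveryPasswordProtector first."
        continue
    }
    foreach ($kp in $recovery) {
        # Sends this protector to the Azure AD device object for the signed-in tenant.
        BackupToAAD-BitLockerKeyProtector -MountPoint $vol.MountPoint -KeyProtectorId $kp.KeyProtectorId
        Write-Host "$($vol.MountPoint): escrowed protector $($kp.KeyProtectorId) to Azure AD"
    }
}
```

After it runs, the key should appear under the device's entry in the Azure AD portal (Devices, then the device, then BitLocker keys); if it does not, the `#Requires` line is the first thing to check, since the answer above shows a Standard User session silently fails this step.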
