Is this by design or should it be -ErrorAction Stop? if by design, why?
The function Invoke-BitlockerEscrow in the BitLocker key escrow script provided in the documentation suppresses errors from the BackupToAAD-BitLockerKeyProtector cmdlet using -ErrorAction SilentlyContinue. As a result:
- If the cmdlet fails, the error is silently ignored.
- The script proceeds as if it succeeded (Write-Output), despite a failure.
- The scheduled task is removed regardless, preventing retries unless another ODMAD action is created and sent to the device.
- There is no feedback mechanism for alerting the administrator of a failure.
This creates a false sense of success and introduces risk if key escrow silently fails.
function Invoke-BitlockerEscrow ($BitlockerDrive,$BitlockerKey) {
#Escrow the key into Azure AD
try {
# -ErrorAction SilentlyContinue suppresses the cmdlet's error, so a failed
# backup never raises a terminating error and the catch block below is never reached
BackupToAAD-BitLockerKeyProtector -MountPoint $BitlockerDrive -KeyProtectorId $BitlockerKey -ErrorAction SilentlyContinue
# Reached on both success and failure; exit 0 is reported either way
Write-Output "Attempted to escrow key in Azure AD - Please verify manually!"
exit 0
} catch {
Write-Error "Error Occurred"
exit 1
}
}
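For comparison, here is how the same function could be written so that a failed escrow is actually reported and the scheduled task is only removed on success. This is an added example, not the script from the documentation; the event ID 845 post-check, the 'BitlockerEscrow' task name and the drive letter are assumptions and should be adjusted to your environment.

```powershell
# Added example: escrow with a terminating error action, a post-check and an
# exit code the caller can act on. Not the documentation's script.

function Invoke-BitlockerEscrow {
    param(
        [Parameter(Mandatory)][string]$BitlockerDrive,   # e.g. 'C:'
        [Parameter(Mandatory)][string]$BitlockerKey      # KeyProtectorId of the recovery password
    )
    $started = Get-Date
    try {
        # -ErrorAction Stop promotes the cmdlet's non-terminating error to a
        # terminating one, so a failure lands in catch instead of being discarded.
        BackupToAAD-BitLockerKeyProtector -MountPoint $BitlockerDrive `
            -KeyProtectorId $BitlockerKey -ErrorAction Stop | Out-Null
    } catch {
        Write-Error "Key escrow failed for $BitlockerDrive ($BitlockerKey): $($_.Exception.Message)"
        return $false
    }

    # Secondary confirmation. Assumption: the BitLocker Management operational log
    # records a successful Azure AD backup as event ID 845 since $started.
    $evt = Get-WinEvent -FilterHashtable @{
        LogName   = 'Microsoft-Windows-BitLocker/BitLocker Management'
        Id        = 845
        StartTime = $started
    } -ErrorAction SilentlyContinue
    if (-not $evt) {
        Write-Warning "Cmdlet returned without error but no success event was logged; treating escrow as unverified."
        return $false
    }
    # Write-Host keeps the success message off the output stream so the
    # function's return value stays a single boolean.
    Write-Host "Escrowed key protector $BitlockerKey for $BitlockerDrive to Azure AD."
    return $true
}

# Caller: select the recovery-password protector and remove the scheduled task
# only when escrow succeeded, so a failed run is retried next time.
$drive = 'C:'   # assumption
$protector = (Get-BitLockerVolume -MountPoint $drive).KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword' | Select-Object -First 1
if (-not $protector) {
    Write-Error "No recovery password protector found on $drive"
    exit 1
}

if (Invoke-BitlockerEscrow -BitlockerDrive $drive -BitlockerKey $protector.KeyProtectorId) {
    # Task name is hypothetical; match whatever the ODMAD action created.
    Unregister-ScheduledTask -TaskName 'BitlockerEscrow' -Confirm:$false -ErrorAction SilentlyContinue
    exit 0
} else {
    exit 1   # non-zero exit surfaces the failure to the management platform
}
```

Note that the explicit -ErrorAction Stop is placed on the cmdlet rather than set globally via $ErrorActionPreference; a global 'Stop' would also turn the Write-Error in the catch block into a terminating error and abort the script before it can return a status.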