Is this by design or should it be -ErrorAction Stop? if by design, why? The function Invoke-BitlockerEscrow in the BitLocker key escrow script provided in the documentation suppresses errors from the BackupToAAD-BitLockerKeyProtector cmdlet using -ErrorAction SilentlyContinue . As a result: If the cmdlet fails , the error is silently ignored. The script proceeds as if it succeeded ( Write-Output ), despite a failure. The scheduled task is removed regardless, preventing retries unless another ODMAD action is created and sent to the device. There is no feedback mechanism for alerting the administrator of a failure. This creates a false sense of success and introduces risk if key escrow silently fails. function Invoke-BitlockerEscrow ($BitlockerDrive,$BitlockerKey) { #Escrow the key into Azure AD try { BackupToAAD-BitLockerKeyProtector -MountPoint $BitlockerDrive -KeyProtectorId $BitlockerKey -ErrorAction SilentlyContinue Write-Output "Attempted to escrow key in Azure AD - Please verify manually!" exit 0 } catch { Write-Error "Error Occurred" exit 1 }

BackupToAAD-BitLockerKeyProtector cmdlet using -ErrorAction SilentlyContinue

Is this by design or should it be -ErrorAction Stop? if by design, why?

The function Invoke-BitlockerEscrow in the BitLocker key escrow script provided in the documentation suppresses errors from the BackupToAAD-BitLockerKeyProtector cmdlet using -ErrorAction SilentlyContinue. As a result:

If the cmdlet fails, the error is silently ignored.
The script proceeds as if it succeeded (Write-Output), despite a failure.
The scheduled task is removed regardless, preventing retries unless another ODMAD action is created and sent to the device.
There is no feedback mechanism for alerting the administrator of a failure.

This creates a false sense of success and introduces risk if key escrow silently fails.

function Invoke-BitlockerEscrow ($BitlockerDrive,$BitlockerKey) {
    #Escrow the key into Azure AD
    try {
        BackupToAAD-BitLockerKeyProtector -MountPoint $BitlockerDrive -KeyProtectorId $BitlockerKey -ErrorAction SilentlyContinue
        Write-Output "Attempted to escrow key in Azure AD - Please verify manually!"
        exit 0
    } catch {
        Write-Error "Error Occurred"
        exit 1
    }