BackupToAAD-BitLockerKeyProtector cmdlet using -ErrorAction SilentlyContinue

Is this by design, or should it be -ErrorAction Stop? If by design, why?

The function Invoke-BitlockerEscrow in the BitLocker key escrow script provided in the documentation suppresses errors from the BackupToAAD-BitLockerKeyProtector cmdlet using -ErrorAction SilentlyContinue. As a result:

  • If the cmdlet fails, the error is silently ignored.
  • The script proceeds as if it succeeded (Write-Output), despite a failure.
  • The scheduled task is removed regardless, preventing retries unless another ODMAD action is created and sent to the device.
  • There is no feedback mechanism for alerting the administrator of a failure.

This creates a false sense of success and introduces risk if key escrow silently fails.


function Invoke-BitlockerEscrow ($BitlockerDrive,$BitlockerKey) {
    #Escrow the key into Azure AD
    try {
        # SilentlyContinue suppresses the cmdlet's (non-terminating) errors, so a failure
        # never reaches the catch block below and the script still reports success.
        BackupToAAD-BitLockerKeyProtector -MountPoint $BitlockerDrive -KeyProtectorId $BitlockerKey -ErrorAction SilentlyContinue
        Write-Output "Attempted to escrow key in Azure AD - Please verify manually!"
        exit 0
    } catch {
        # Only reached for terminating errors (e.g. the cmdlet not being available at all).
        Write-Error "Error Occurred"
        exit 1
    }
}
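For comparison, here is the fail-closed variant of that function with -ErrorAction Stop. This is an added example, not the script from the documentation: -ErrorAction Stop turns the cmdlet's non-terminating errors into terminating ones, so the catch block actually runs, the real error text is surfaced, and the script exits non-zero. The usage at the bottom assumes a C: volume with a RecoveryPassword protector, and it assumes (hypothetically) that whatever wraps this script only removes the scheduled task when the exit code is 0, so a failed escrow can be retried.

```powershell
# Added example (not the documentation's script): escrow a BitLocker key protector to
# Azure AD and fail closed. Returns $true on success, $false on failure; status messages go
# to the host stream so the function's output contains only the boolean.
function Invoke-BitlockerEscrow {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $BitlockerDrive,   # mount point, e.g. 'C:'
        [Parameter(Mandatory)] [string] $BitlockerKey      # KeyProtectorId of the recovery password protector
    )

    try {
        # Stop: a bad protector ID, a device that is not Azure AD joined, or a network
        # failure now becomes a terminating error and lands in the catch block.
        $null = BackupToAAD-BitLockerKeyProtector -MountPoint $BitlockerDrive `
                                                  -KeyProtectorId $BitlockerKey `
                                                  -ErrorAction Stop
        Write-Host "Escrowed key protector $BitlockerKey for $BitlockerDrive to Azure AD."
        return $true
    } catch {
        # Report the actual failure reason instead of a generic message.
        Write-Error ("BitLocker key escrow failed for {0} (protector {1}): {2}" -f `
            $BitlockerDrive, $BitlockerKey, $_.Exception.Message)
        return $false
    }
}

# Usage (assumed environment: C: is BitLocker-protected and has a RecoveryPassword protector).
$volume    = Get-BitLockerVolume -MountPoint 'C:'
$protector = $volume.KeyProtector |
             Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' } |
             Select-Object -First 1

if (-not $protector) {
    Write-Error "No RecoveryPassword key protector found on C:; nothing to escrow."
    exit 1
}

# A non-zero exit code is the signal to the caller (assumed here) to keep the scheduled
# task in place so the escrow is retried rather than silently abandoned.
if (Invoke-BitlockerEscrow -BitlockerDrive 'C:' -BitlockerKey $protector.KeyProtectorId) {
    exit 0
} else {
    exit 1
}
```

Two details worth noting: the success message uses Write-Host rather than Write-Output so the boolean is the only object the function emits (the original's Write-Output plus exit mixes streams, which is harmless there but would break a caller that inspects the return value), and even with -ErrorAction Stop the cmdlet only confirms that the backup request was accepted, so the key's presence in Azure AD should still be verified from the directory side, as the original script's own message already advises.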