We had a user device showing as incompliant in Endpoint Manager due to Secure Boot not being enabled.
In order to enable it, we converted the device from MBR to GPT, so we could switch it from Legacy BIOS to UEFI and then enable Secure Boot. As part of this process we had to turn BitLocker off and then back on after we completed this.
For some reason, though, there are a ton of recovery keys generating, as shown in Endpoint Manager. I compared to other devices and noted that other devices only have 1 recovery key. Something else interesting I noted for Drive Type is that at some point it was generating multiple keys for "Operating System Drive", but now it has switched the drive type to "Fixed data drive".
Why is it doing this? The device remains incompliant and I can't find much information about this issue. I ran into this post/answer here, but I don't think it applies since we don't have Windows 10 v1809; instead we have Windows 10 v20H2.
Device info:
Edition: Windows 10 Business
Version: 20H2
Installed on: 7/6/2020
OS build: 19042.1706
Experience: Windows Feature Experience Pack 120.2212.4170.0