Suppose I have a BitLocker policy in Intune and the recovery password rotation is turned on for both Azure AD and Hybrid-Joined devices. Now let's say a workstation was triggered into recovery mode, and the user was able to grab the key from https://myaccount.microsoft.com and was successful in booting up to Windows. Before BitLocker was able to upload a new set of recovery keys to Azure AD, the workstation died and had to reboot. It boots back to recovery mode.
Now, will the recovery mode still take the old recovery key? If so, why? Because to my understanding, the key is one-time use only. Or does it need the new recovery key that BitLocker generated before it died and rebooted? As mentioned, this was not uploaded to Azure AD; does that mean that we won't be able to recover his drive?
Any insights on this will be great.
Thanks