BitLocker recovery key and re-image using MECM
Just a question I have around Bitlocker.
So I have an OSD task sequence which sets up BitLocker on the machine. I have installed the optional features for BitLocker Administration on a domain controller, and once the machine is online, BitLocker is operational and works fine; I can also see that the recovery key is shown in AD.
However, if I were to reimage the machine, apart from removing the computer entry in AD and the MECM device, what would happen with the recovery key? I assume it changes when I rebuild the device.
I ask as I have heard that if the machine is built with the same client hostname, numerous records can start to appear for recovery keys, but I don't want this to occur.
Would just removal of the AD computer object and device name in MECM be enough to ensure a unique recovery key is generated all the time?
Just to add, I am aware MBAM has been or is being phased out. If machines are still being managed on-premises with MECM only, would using AD be the best approach, or using the BitLocker feature in MECM? I believe the latter requires MECM to be configured with HTTPS?
Is it relatively easy to convert from HTTP to HTTPS, and can I do this without using a public cert? In other words, can I create and use a self-assigned cert?
Many thanks in advance for support.
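The question above about recovery-key records piling up under a re-used hostname can be checked directly rather than guessed at. The following PowerShell script is an added example, not code from the original post: it lists the `msFVE-RecoveryInformation` objects stored beneath a computer object in AD and marks each one as active (its GUID matches a recovery-password protector currently on the device) or stale (left over from an earlier build). It assumes the ActiveDirectory RSAT module, rights to read BitLocker recovery information in AD, local administrator rights on the target for `Get-BitLockerVolume`, and that the OS volume is `C:`; `$ComputerName` is a placeholder for the device being checked.

```powershell
# Added example (not from the original post): audit the BitLocker recovery-key
# records AD holds for one computer and compare them with the protector that is
# actually active on the machine. Assumptions: ActiveDirectory RSAT module,
# delegated read access to msFVE-RecoveryInformation objects, local admin on the
# target, OS volume is C:. $ComputerName is a placeholder.
param(
    [Parameter(Mandatory)] [string] $ComputerName
)

Import-Module ActiveDirectory

# 1. Locate the computer object. Recovery records are stored as child objects
#    directly beneath it, so deleting the computer object removes them as well.
$computer = Get-ADComputer -Identity $ComputerName

# 2. Enumerate every recovery record beneath the object, oldest first.
#    msFVE-RecoveryGuid is stored as a byte array; it is the protector ID.
$records = Get-ADObject -SearchBase $computer.DistinguishedName -SearchScope OneLevel `
    -Filter 'objectClass -eq "msFVE-RecoveryInformation"' `
    -Properties msFVE-RecoveryGuid, msFVE-VolumeGuid, whenCreated |
    Sort-Object whenCreated

# 3. Read the recovery-password protector IDs currently present on the device.
$activeIds = Invoke-Command -ComputerName $ComputerName -ScriptBlock {
    (Get-BitLockerVolume -MountPoint 'C:').KeyProtector |
        Where-Object KeyProtectorType -eq 'RecoveryPassword' |
        Select-Object -ExpandProperty KeyProtectorId
}

# 4. Flag each AD record. KeyProtectorId is formatted as {GUID}; PowerShell's
#    -contains compares strings case-insensitively, so the case of the hex digits
#    does not matter.
foreach ($r in $records) {
    $guid  = ([guid]$r.'msFVE-RecoveryGuid').ToString('B')
    $state = if ($activeIds -contains $guid) { 'ACTIVE' } else { 'STALE' }
    '{0}  {1}  {2}' -f $r.whenCreated, $guid, $state
}

# 5. More than one record means an old build or an earlier protector rotation
#    left entries behind; only ACTIVE ones will unlock the current build.
if (@($records).Count -gt 1) {
    Write-Warning "$ComputerName has $(@($records).Count) recovery records in AD."
}
```

Run it as `.\Audit-BitLockerRecords.ps1 -ComputerName PC01` from a management host. A device that was re-imaged without its AD object being removed will typically show one ACTIVE line and one or more STALE lines, which is exactly the accumulation the post describes; removing the computer object before the rebuild, or cleaning the STALE records afterwards, keeps the set to the single protector the current build can use.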