Due to changes in how optional components are implemented, we are moving the installation of these before the final LCU install. This means cleanup may fail with a warning. Further, other changes include:
1) Moving some script comments into the main article, to improve readability. Most of this is related to the old approach where SSU was a separate update.
2) Adding Optional Components (or Legacy Features) to the script. This help ensure they are showcased before the LCU install.
3) Tweaked the main table of steps, to highlight SSU is coming from LCU, and the sequence change with main OS cleanup.
Updating as descriptions in CSP refer to AD DS yet when configured to backup to AD DS, Microsoft Entra hybrid joined devices, the BitLocker recovery password is backed up to both Active Directory and Entra ID. and Microsoft Entra joined devices, the BitLocker recovery password is backed up to Entra ID.
Previously before the template was migrated the backup of the recovery key was covered under 'Require device to back up recovery information to Azure AD';
Since the migration this setting now shows as 'Save BitLocker recovery information to AD DS for operating system drives';
Regardless of the wording in the UI, the recovery key is being backed up to Entra as expected for both Entra Joined (MM) and Hybrid joined (CM) managed devices
