If you have been migrating from a local MBAM to Intune the easy way, by running a script on the client to get the bitlocker recovery key escrowed to Intune, you will need a way to check if all the devices have the key stored on Intune so you can safely decommission MBAM.
Here is a small script that gets you a csv file with what you need.
You will need to install Microsoft Graph Powershell before running and decide where you will store the output file in the first line of the script.
$outfile="c:\temp\DevicesWithoutBitlockerKeys.csv"
Connect-MgGraph -scopes "BitLockerKey.ReadBasic.All", "DeviceManagementManagedDevices.Read.All"
Select-MgProfile -Name v1.0
$BLRK=Get-MgInformationProtectionBitlockerRecoveryKey -All -Property "id, createdDateTime, deviceId" | Select-Object -Property id, createdDateTime, deviceId
$DEV=Get-MgDeviceManagementManagedDevice -All -Property "deviceName,id,azureADDeviceId" -Filter "operatingSystem eq 'Windows'" -ErrorAction Stop -ErrorVariable GraphError | Select-Object -Property deviceName, id, azureADDeviceId
$NBLRKD=$DEV | Where-Object { $PSItem.azureADDeviceId -notin $BLRK.deviceId }
$NBLRKD | Export-Csv -Path $outfile
Write-Output "The devices without a Bitlocker Recovery Key are here" $outfile
Disconnect-MgGraphUse at your own risk 🙂