The machines that have been encrypted in that time would upload their keys upon connecting to the ePO server. User passwords and attributes are tracked with timestamps and password changes and the like will be uploaded to ePO also. Users may be removed from these systems as ALDU only runs upon the start of the Drive Encryption service. Because the users will not be removed until the key has been uploaded to ePO successfully, there is always the ability to perform a machine recovery if the users are removed.
The typical use case for FRP Removable Media is to use a recovery key either a standard key or a User Personal Key. These are cached locally but will not be uploaded to ePO. Drives that were initialized during that time will need to reinitialized if the keys no longer exist in ePO.
It is recommended that incremental backups are taken daily and full backups are taken once or twice a week. Because this is MSSQL, standard backup practices of the DB can be used. As with any backups, it is recommended that be checked from time to time to ensure that the backup process is successful. Specific directories of the ePO server will also need to be backed up.
For specific information about backup and recovery of the ePO server can be found in KB66616
thank you for such a detailed answer!