Home > Questions

BitLocker mysteriously enabled and laptops dead in water. Help!

Woke up this morning with several users telling us they can't sign into Windows this morning because they have to enter a BitLocker key. The thing is that their laptops aren't BitLocker-enabled. We do have BitLocker enabled on another group of laptops and the recovery keys are saved in Active Directory. I checked the AD but didn't find the keys for the particular users who have BitLocker mysteriously enabled. We have recently been publishing a lot of HP and Intel updates via Patch Manager/WSUS. Could that be the issue that triggered BitLocker? Any suggestions for working around this? Thank you in advance!

Best Answered by

Jenny Zeng

Answered on Tuesday, August 27, 2024

To get past the BitLocker recovery screen, you have three choices: 1) enter the correct BitLocker recovery key, 2) roll back whatever changes you have made to your system, and 3) reinstall Windows.

The type of BitLocker encryption in your case is BitLocker Device Encryption. Unlike the standard BitLocker Encryption, the one you turned on for another group of laptops, Device Encryption is automatically initiated on the operating system drive and gets fully enabled after the recovery key is backed up to your Microsoft account.

BitLocker usually won't ask you to enter the recovery key unless you have made certain changes to your computer. In your case, I see that your organization has been publishing a lot of HP and Intel updates, which likely have triggered the BitLocker recovery screen.

Here are the ways to try if you want to bypass the BitLocker recovery screen:

1. Find the BitLocker recovery key

If the affected computer was logged in with a work or school account, you can find the BitLocker recovery key with the following steps:

  1. Log in to https://myaccount.microsoft.com.
  2. Head for Devices and click "Manage Devices."
  3. Click on your device to expand it.
  4. Click "View BitLocker Keys."
  5. Tap "Show recovery key."

If the affected computer was logged in with a personal account, try:

  1. Log in to https://account.microsoft.com/devices/recoverykey.
  2. Locate the recovery key of your device.

2. Reverse changes

In your case, the BitLocker recovery screen appears after installing certain updates. So, another way you can try is to go back to the previous build. Try disabling and reenabling Secure Boot as well.

3. Format the system drive and reinstall Windows

Suppose you can neither find the recovery key nor reverse the update; then you have only one choice: format your C drive and reinstall Windows. This will, unfortunately, erase all data on your laptop.

Also read:

How to Unlock BitLocker Drive Without Password & Recovery Key?