BitLocker is Prompting for a Recovery Key, and You Cannot Locate the Key
Summary: To help with locating previously stored BitLocker recovery keys, this article describes the different storage options that each Windows operating system supports.
Symptoms
BitLocker Overview
BitLocker is a Microsoft encryption product that is designed to protect your data on a computer. If a problem with BitLocker occurs, you encounter a prompt for a BitLocker recovery key. If you do not have a working recovery key for the BitLocker prompt, you are unable to access the computer.
Cause
How Was BitLocker Activated On My Device?
There are three common ways for BitLocker to start protecting your device.
- Your device is a modern device that meets certain requirements to automatically enable device encryption: In this case, your BitLocker recovery key is automatically saved to your Microsoft account before protection is activated.
- An administrator of your device activated BitLocker protection (also called device encryption on some devices) through the Settings app or Control Panel: In this case, whoever activated BitLocker selects where to save the key, or (if the device is encrypted) it is automatically saved to their Microsoft account.
- A work or school organization that is managing your device (now or in the past) activates BitLocker protection on your device: The organization should have your BitLocker recovery key.
Beginning in Windows 8.1, Windows automatically enables BitLocker Device Encryption on devices that support Modern Standby. With Windows 10 and 11, Microsoft offers BitLocker Device Encryption support on a broader range of devices. These include those that support Modern Standby, and devices that run Windows 10 Home Edition or Windows 11. All computers that Dell ships are Modern Standby compliant and the above applies. A registry key controls this behavior. Dell leaves that key in a neutral state, which neither prohibits nor enforces encryption. Windows interprets this as an approval to encrypt.
Someone with full administrative access to your device may intentionally activate BitLocker encryption on your behalf. That could be you, or someone working for an organization that manages your device. Dell does not enable BitLocker on any device, but someone during setup or an administrator during domain configuration can enable BitLocker.
A BIOS update can trigger a BitLocker Recovery event. (The Platform Configuration Register (PCR) banks change between the time Windows runs and the time that the BIOS is flashed.) However, all Dell BIOS updates suspend BitLocker before the flash, so a BitLocker Recovery event cannot occur as a result of updating the firmware. If the computer goes into recovery mode, it is likely due to an external drive being connected, as it changes the boot drive enumeration. You can configure this in the BIOS. Outside of this specific scenario, there is not an event that triggers BitLocker encryption unexpectedly. The BitLocker encryption process happens in the background and often goes unnoticed until a Recovery event occurs.
The BitLocker setup process enforces the creation of a recovery key at the time of activation. If you cannot locate a BitLocker recovery key or revert a configuration change, you must reset your device using one of the Windows recovery options. Resetting your device removes all your files.
Resolution
BitLocker Recovery Key Storage Options
Recovery keys may be saved in several ways depending on the version of Windows installed. The following list describes the supported options to save a key per each operating system version and may aid in locating a saved key (if present):
For Windows 10 and 11:
- A key may be saved to your Microsoft Account by default (search BitLocker Recovery Keys to retrieve the key).
- If you have a modern device that supports automatic device encryption, the recovery key is most likely in your Microsoft account. For more, see Device encryption.
- If someone else set up the device or activated BitLocker protection, the recovery key may be in that person’s Microsoft account.
- A key may be saved to a USB flash drive (plug the USB flash drive into your locked personal computer and follow the instructions. If you saved the key as a text file on the flash drive, use a different computer to read the text file).
- A key may be saved to your Azure Active Directory account (for business computers where you sign in with an Azure Active Directory account, to get your recovery key, see the device info for your Microsoft Azure account).
- A key may be manually saved as a file (Network drive or other location).
- A key may be physically printed manually.
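The following Python script is an added example, not part of the original Dell article. Run on a different computer, it searches a USB flash drive or network folder for saved recovery key text files and reports which one matches the Key ID shown on the BitLocker recovery screen, without echoing the key itself. It assumes a saved file contains a GUID identifier and a 48-digit key in eight groups of six digits, each group a multiple of 11; the function names and the sample text are constructed for illustration.

```python
import re
from pathlib import Path

GUID_RE = re.compile(r"\b[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\b")
KEY_RE = re.compile(r"\b\d{6}(?:-\d{6}){7}\b")
MAX_BYTES = 64 * 1024  # saved key files are tiny; skip anything larger

# Constructed sample (not a real key), laid out like a saved key file.
SAMPLE = ("Identifier:\n\n\t1A2B3C4D-0000-4000-8000-123456789ABC\n\n"
          "Recovery Key:\n\n\t135795-597531-000011-720885-045056-024442-344707-440000\n")


def decode_text(raw: bytes) -> str:
    """Decode UTF-16 when a BOM is present (assumed usual for saved keys), else UTF-8."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("utf-8", errors="replace")


def is_well_formed(key: str) -> bool:
    """True if all 8 groups are multiples of 11 with a quotient below 65536."""
    groups = [int(g) for g in key.split("-")]
    return len(groups) == 8 and all(g % 11 == 0 and g // 11 < 65536 for g in groups)


def parse_key_file(text: str):
    """Return (identifier, recovery_key) from the file text, or None if either is missing."""
    ident, key = GUID_RE.search(text), KEY_RE.search(text)
    return (ident.group(0).upper(), key.group(0)) if ident and key else None


def find_matching_keys(root, key_id_prefix: str):
    """List (path, identifier, well_formed) for .txt files matching the on-screen Key ID."""
    prefix = key_id_prefix.strip().upper()
    hits = []
    for path in Path(root).rglob("*"):
        try:
            if path.suffix.lower() != ".txt" or not path.is_file() or path.stat().st_size > MAX_BYTES:
                continue
            parsed = parse_key_file(decode_text(path.read_bytes()))
        except OSError:
            continue  # unreadable file or directory entry
        if parsed and parsed[0].startswith(prefix):
            hits.append((path, parsed[0], is_well_formed(parsed[1])))  # key is not returned
    return hits


if __name__ == "__main__":
    print(parse_key_file(SAMPLE)[0], is_well_formed(parse_key_file(SAMPLE)[1]))
```

A file that matches the Key ID but is reported as not well formed has most likely been edited or truncated, so look for another copy before typing it in.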
Additional Information
For additional information about BitLocker and the process of recovery, see the following articles:
- Find my BitLocker recovery key: https://support.microsoft.com/help/4026181/windows-10-find-my-bitlocker-recovery-key
- How to decrypt BitLocker: Automatic Windows Device Encryption or BitLocker on Dell Computers
- For additional information about BitLocker Encryption and how it is installed on Dell computers, see Dell Knowledge Base article: Automatic Windows Device Encryption or BitLocker on Dell Computers
- For additional information about BitLocker Encryption Keys and recovery, see Microsoft Knowledge Base article: Finding your BitLocker recovery key in Windows
- Known BitLocker issues: BitLocker recovery known issues - Windows security | Microsoft Docs