Back in May, a report suggested that Microsoft was looking to default-encrypt Windows 11 24H2 Home PCs. This could lead to potential performance loss, even on fast NVMe SSDs, though CPUs can be a different story with AMD touting a massive encryption performance boost (AES-XTS) with its newly released Ryzen 9000 series processors.
The problem is that users will need a BitLocker recovery key if this happens, and storing that key is one of the benefits of having a Microsoft Account (MSA) over a local account.
Another scary situation arose recently when users found their PCs booted into a BitLocker recovery screen after last month's Patch Tuesday updates. At the time of writing, the issue is still unresolved, with Microsoft seemingly still investigating it.
Perhaps with the upcoming change in 24H2 and the boot bug in mind, Microsoft has now added a bunch of new guides to its official website regarding BitLocker device encryption. Two of them are particularly useful: they walk users through finding their BitLocker recovery key and backing up that key.
Microsoft has elaborated the steps necessary to retrieve the key:
Attached to your Microsoft account
If the BitLocker recovery key is backed up to your Microsoft account, follow these steps to retrieve it:
1. From another device, open a web browser and go to https://aka.ms/myrecoverykey
2. Sign in with your Microsoft account and locate the key ID
3. Use the related recovery key to unlock the drive
Notes:
- If the device was set up, or if BitLocker was turned on, by somebody else, the recovery key might be stored in that person’s Microsoft account.
- Starting in Windows 11, version 24H2, the BitLocker recovery screen shows a hint of the Microsoft account associated with the recovery key.
Attached to your work or school account
If your device was ever signed into an organization using a work or school account, the recovery key could be stored in that organization's account. You might be able to access it directly, or you might need to contact the IT support for that organization to access your recovery key.
1. From another device, open a web browser and go to https://aka.ms/aadrecoverykey
2. Sign in with your work or school account
3. Select Devices and expand the device for which you need to retrieve the recovery key
4. Select the option View BitLocker Keys
5. Using the key ID, find the related recovery key and use it to unlock the drive
Besides the ones above, Microsoft has also recommended that users look at printouts and USB flash drives in case they were saved there.
The tech giant has also explained why backing up the BitLocker recovery key is crucial. "It’s important to verify that this backup exists and is accessible, or to create an extra backup of your own," says Microsoft.
Following that, the company has detailed the steps to create a BitLocker key backup:
1. From Start, type BitLocker and select Manage BitLocker from the list of results
2. In the BitLocker app, select Back up your recovery key next to the drive you want to back up
3. Select where you want the key backed up:
   - Save to your Microsoft Account - This will save the key in the recovery keys library of your Microsoft Account.
     Note: If you're signed into a computer managed by your work or school, this may say Save to your Azure AD account instead.
   - Save to a USB flash drive - If you have a flash drive handy, you can save the key to it. If your device asks for the recovery key in the future, insert that USB drive and follow the instructions. The key takes only a couple of KB of space, so the drive doesn't have to be large.
     Important: Don't store this USB flash drive with the key on it with your computer. If a thief were to get the computer, they could steal the flash drive and bypass BitLocker encryption, leaving your data vulnerable.
   - Save to a file - You can save your recovery key as a plain text file on any device. If you need that file in the future, just open it with a text editor like Notepad. You can't save the file to the BitLocker encrypted drive, so you might have to save it to a USB drive if you don't have a second, unencrypted, volume on the device.
     Tip: Copy the text file to your OneDrive Personal Vault for safe and secure storage that can be readily accessed from any device if you need it.
   - Print the recovery key - You can print the recovery key if you prefer.
     Important: Store that printout somewhere safe and don't keep it with the computer. If a thief were to steal the computer and the printed recovery key, they could bypass BitLocker encryption, leaving your data vulnerable.
4. Select Finish
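The "Save to a file" and "Save to a USB flash drive" options can also be scripted. The PowerShell below is an added example, not taken from Microsoft's guides or the original article: it lists each encrypted volume's recovery key ID and writes a backup file, refusing a destination that is itself BitLocker-encrypted. It assumes an elevated PowerShell session and that E:\ is a USB flash drive; the file name format is this example's own.

```powershell
#Requires -RunAsAdministrator
# Added example: back up BitLocker recovery keys to a location outside the PC.
param(
    # Assumption: E:\ is a USB flash drive. Change to your own backup location.
    [string]$BackupDir = 'E:\'
)

# Get-BitLockerVolume reports mount points as "C:", so strip the trailing slash.
$destRoot = [System.IO.Path]::GetPathRoot((Resolve-Path $BackupDir).Path).TrimEnd('\')
$volumes  = @(Get-BitLockerVolume)

# The recovery key must not be stored on a BitLocker-encrypted drive:
# it would be locked away together with the data it is meant to recover.
$destVol = $volumes | Where-Object { $_.MountPoint -eq $destRoot }
if ($destVol -and $destVol.VolumeStatus -ne 'FullyDecrypted') {
    throw "$destRoot is BitLocker-encrypted; choose an unencrypted USB drive instead."
}

foreach ($vol in ($volumes | Where-Object { $_.VolumeStatus -ne 'FullyDecrypted' })) {
    # Only RecoveryPassword protectors carry the 48-digit key typed at the recovery screen.
    $protectors = @($vol.KeyProtector |
        Where-Object { $_.KeyProtectorType -eq 'RecoveryPassword' })

    if ($protectors.Count -eq 0) {
        Write-Warning "$($vol.MountPoint) is encrypted but has no recovery key to back up."
        continue
    }

    foreach ($p in $protectors) {
        # The key ID is what you match against the ID shown when recovery is requested.
        $id   = $p.KeyProtectorId.Trim('{}')
        $file = Join-Path $BackupDir "BitLocker-recovery-$($env:COMPUTERNAME)-$id.txt"

        @(
            "Computer:     $env:COMPUTERNAME"
            "Drive:        $($vol.MountPoint)"
            "Key ID:       $id"
            "Recovery key: $($p.RecoveryPassword)"
        ) | Set-Content -Path $file -Encoding UTF8

        # Print only the key ID to the console, never the key itself.
        Write-Host "$($vol.MountPoint): key ID $id saved to $file"
    }
}
```

The resulting file holds the key in plain text, so the USB drive needs the same handling Microsoft describes above: store it away from the computer.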
You can find these guides as well as more BitLocker details here on Microsoft's official website.