Bitlocker is a Windows feature that encrypts your hard drive, protecting it from unauthorized users.
Bitlocker has locked me out, i.e. Recovery Mode
BitLocker relies on integrity factors to ensure it is not bypassed. If it detects that one of those factors has changed, BitLocker enters recovery mode and requires the BitLocker recovery key before it will grant any access to the hard drive, including fully booting Windows. Integrity factors that may trigger recovery mode include:
- Third-party updates to TPM firmware, changes to UEFI or BIOS configuration, or changes to Secure Boot configuration
- Changing the boot drive
- Making significant changes to the hardware
- Removing or fully depleting a computer battery
Each computer can be configured as to which integrity factors count, but in most cases the default set is used.
Bitlocker Recovery Key
The recovery key (a 48-digit code) is only available once BitLocker is enabled. In all cases the recovery key is saved somewhere; where it was saved depends on the circumstances at the time BitLocker was enabled.
If the Bitlocker enable event happened:
- after you registered the device with Azure AD, the recovery key should be stored in Azure AD. You can retrieve it via: https://myworkaccount.microsoft.com/device-list
  - NOTE: if your computer was renamed *after* you enabled BitLocker, you may need to look under the old name
- after you joined the NETID Active Directory (or another AD), then depending on the configuration settings of your delegated OU, the recovery key may be saved in AD. Talk to your delegated OU admin or IT unit for help. See "Delegated OU BitLocker options" for more details.
- while you were using a (consumer) Microsoft account to sign in, Windows will have saved the recovery key to your (consumer) OneDrive. You can retrieve the recovery key via: https://account.microsoft.com/devices/recoverykey?refd=support.microsoft.com
- if none of the above conditions are met, Windows will have asked for a USB drive on which to save the recovery key. Check your USB drives for the key.
NOTE: the fact that your device is currently Azure AD registered or AD joined does not mean it was in the same state when BitLocker was enabled.
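Because the key's location depends on the device's state at the time BitLocker was enabled, the safest course is to check the device itself before a firmware, UEFI or Secure Boot change and escrow the key where the device is joined *now*. The following is an added example (not from the UW-IT page): it lists the integrity factors the TPM protector is tied to, lists the key protectors on the OS volume, adds a recovery password if none exists, and backs it up to Azure AD or AD. It assumes an elevated PowerShell session on a Windows 10/11 client, which ships with the BitLocker module, and that the device really is Azure AD or AD joined; the `$EscrowTarget` variable is an assumption used only to pick the backup cmdlet.

```powershell
# Added example, not part of the original page. Run as Administrator.
# Choose where the recovery password should be escrowed (assumed variable):
#   'AzureAD' for Azure AD registered/joined devices, 'AD' for on-premises AD joined.
$EscrowTarget = 'AzureAD'
$MountPoint   = 'C:'

# 1. Which integrity factors is this machine tied to?
#    manage-bde prints the TPM protector's "PCR Validation Profile"; on a
#    Secure Boot/UEFI machine the default is PCRs 7 and 11.
manage-bde -protectors -get $MountPoint

# 2. Current BitLocker state and the key protectors on the OS volume.
$vol = Get-BitLockerVolume -MountPoint $MountPoint
"Protection: {0}  Volume: {1} ({2}% encrypted)" -f $vol.ProtectionStatus, $vol.VolumeStatus, $vol.EncryptionPercentage
$vol.KeyProtector | ForEach-Object { "{0,-18} {1}" -f $_.KeyProtectorType, $_.KeyProtectorId }

# 3. The 48-digit recovery key is the RecoveryPassword protector. Add one if missing;
#    without it there is nothing to escrow and recovery mode cannot be exited.
$rp = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
if (-not $rp) {
    Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
    $rp = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
          Where-Object KeyProtectorType -eq 'RecoveryPassword'
}

# 4. Escrow the recovery password where the device is joined today. Each call
#    returns an error if the device is not joined to that directory, so the
#    result tells you whether a copy of the key now exists off the machine.
switch ($EscrowTarget) {
    'AzureAD' { BackupToAAD-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $rp.KeyProtectorId }
    'AD'      { Backup-BitLockerKeyProtector      -MountPoint $MountPoint -KeyProtectorId $rp.KeyProtectorId }
}
"Recovery password protector {0} escrowed to {1}" -f $rp.KeyProtectorId, $EscrowTarget
```

The script deliberately does not print the recovery password; it is available as `$rp.RecoveryPassword` if you need to write it down and store it away from the computer. For an AD-joined device the `Backup-BitLockerKeyProtector` call only succeeds if the delegated OU's policy permits storing recovery information in AD, which is the "depending on configuration settings" caveat above, so a failure there is a signal to contact your OU admin rather than to proceed with the firmware change.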
If you can’t locate the Bitlocker recovery key, you can send an email to UW-IT to see if they can locate the recovery key. Include the computer name and your UW NetID. UW-IT will only be able to assist in a small number of cases, based on the scenarios outlined above and your choices.
If there’s no Bitlocker recovery key, you’ll need to reformat and reinstall Windows.