In both scenarios, if we switch on the system, it won’t directly boot into full OS but rather show you the message BitLocker recovery prompt with message Enter the recovery key for this drive. Let’s assume disk is stolen or some hardware changes have been made.
Recover the drive using Recovery Password Recovery key is the information someone needs unlock the drive to access it. For the device which I encrypted, I can see there are 2 rows containing Key ID and 48 digit Recovery Key which is also called Recovery Password.ĭrive with OSV is the Primary Drive containing OS, while FDV is the secondary drive. We can see recovery key information of all devices we have. Under Bitlocker data protection click Manage recovery keys and then click on Show other available keys to get list of all recovery keys you have. Login to Microsoft Account which will display list of all devices you have. You can verify Recovery Password details on Microsoft Account
How to find BitLocker Recovery key on Microsoft Account You must need to save it on USB flash drive or else you will get error message This location can’t be used, Your recovery key can’t be saved to an encrypted drive. Once Save to your Microsoft account is selected, the recovery key will be saved again on Microsoft account.įor Data drive you can’t use Save to a file option with local drive selected as all drives are encrypted. Save to a USB flash drive as this is a data drive not containing system files. On How do you want to back up your recovery key page, we have 1 more option available ie. Automatically unlock this drive on this computer.Īs this is Data drive (not containing system files / OS files), we have option to automatically unlock or if not selected, every time we have to provide recovery password to unlock it. Same way we can encrypt D drive, this time we will get one different option ie. Once the encryption process is completed, run the command again and now we see the status:Ĭonversion Status: Used Space Only Encrypted Run following in command prompt with administrative rights: Manage-bde -status c: This can be checked through BitLocker Utility manage-bde. You can monitor the progress through GUI displayed. You may close the window, and it will continue in background. On Ready to encrypt this drive page, click on Start encrypting.Īllow some to encrypt the disk. For older device Compatible mode can also be selected.
XTS-AES which requires Windows 10 and above device. On Choose which encryption mode to use, select New encryption mode which provides the latest encryption technology ie. You can select encrypting entire drive as well which could take more time depending upon disk size and data.
On Choose how much of your drive to encrypt page, select Encrypt used disk space only as it is much faster. Once done, it will return to the same option with all 3 options present, click Next. This will initiate the encryption process of your drive while Saving Recovery Key to your Microsoft account.
We have 3 options:Īll 3 options can be used to save the information, but to save it on Microsoft account, lets go with 1 st option. Right click c drive and select Turn on BitLocker.īitLocker Drive Encryption page will open which will ask you to back up your recovery key. I have a workstation where I have logged in with Microsoft Account. Encrypt Drive – Save recovery key to Microsoft Account However using TPM with Secure Boot Enabled setting in BIOS gives the most efficient way of encrypting and saving the information in TPM Module. BitLocker can be used without TPM as well which requires a specific settings to be implemented if you wanted to use. This is applicable for Windows 10, Windows 11 and Windows Server 2016 and above.īitLocker requires Trusted Platform Module (TPM) version 1.2 or later (though not compulsory) which is a hardware component and nowadays all computer manufacturers provides it. Enable and recover BitLocker recovery keyīitLocker Drive Encryption is a kind of product for your devices which encrypts the device at hardware layer. However, using Microsoft account gives the flexibility of storing all your recovery password in a centralised place for all the devices you have.
Though we have other options also available to save the recovery key such as printing it, creating pdf file, saving it into a txt file which can be used at later stage. Once we enable Bitlocker, recovery key generated can be saved on Microsoft account. In this post we will see how to enable and recover BitLocker recovery key on Windows device.