Pro Troubleshooting for Bitlocker Recover Key (aka.ms/recoverykeyfaq)
aka.msrecoverykeyfaq

Pro Troubleshooting for Bitlocker Recover Key (aka.ms/recoverykeyfaq)

In today’s world you must know how to secure your system drive by enabling Bitlocker (aka.ms/recoverykeyfaq). You also must know how to get the Bitlocker key and disable it when required.

Let’s talk about all details of Windows encryption by using Bitlocker without pay additionally.

What is Bitlocker? (aka.ms/recoverykeyfaq)

If your personal or official data is stolen while you travel, it can be disastrous. You must make sure that data is protected against unauthorized access.

Microsoft provides BitLocker, an inbuilt security feature that protects system data. BitLocker encrypts entire disk drives and logical drives with all their contents. Also provide all possible solution on aka.ms/recoverykeyfaq.

The system encryption prevents others from accessing your files if it is stolen or the hard drive gets connected to another system.

BitLocker can also be used on external storage drives. You must be authenticated to gain access to encrypted drives.

Windows uses the Trusted Platform Modul (TPM), which checks if the computer’s startup process has been modified. You must use it to prevent physical attacks and boot sector viruses.

The TPM chip is a special chip that checks your hardware, firmware, and software for unauthorized changes. The TPM will cause your computer to boot in restricted mode if it detects any unauthorized changes to deter potential attackers.

Using BitLocker with TPM, data is locked and decrypted when the correct credentials are passed to the system.

How to Enable Bitlocker for Drive and Device Encryption?

System prerequisite: BitLocker has the following prerequisite:

  • The system BIOS must be set up to use modern UEFI modes.
  • To enable the Secure Boot mode in BIOS, you should set it.
  • In BIOS, a Trusted Platform Modul (TPM) must be enabled.
  • The system must be running a TPM version of 1.2 or higher.
  • If Bitlocker doesn’t have TPM hardware, Bitlocker will ask you to save a startup code on a removable device.
  • The hard disk must be partitioned into a minimum of two drives with an NTFS file system:
    • OS boot drive: It keeps the OS and its support files,
    • Additional drive for BitLocker: The drive must not contain encryption and should have a minimum of 1.5 GB.
  • BitLocker doesn’t support dynamic disks.

There are multiple ways to enable BitLocker on the OS, so please follow the steps which you like: 

  • Windows 7:
    • Start Menu –> Search box –> type “Manage BitLocker
    •  Or, Start Menu –> Control Panel –> System and Security –> BitLocker Drive Encryption
    • Or, Open My Computer –> Right click on the drive and select Turn on BitLocker 
  • Windows 10:
    • Start Menu –> Search box –> type “Manage BitLocker
    •  Or, Start Menu –> Control Panel –> System and Security –> BitLocker Drive Encryption
    • Or, Open My Computer –> Right click on the drive and select Turn on BitLocker
    • Or, Start Menu –> Settings –> In the search box, type “Manage BitLocker ” –> Select Manage BitLocker 
  • Then click Turn on BitLocker button
Bitlocker Recover Key (aka.ms/recoverykeyfaq)
BitLocker Drive Encryption
  • Select your prefer backup option to save the recovery key,
  • Next, and then select an option from below Encryption option
    • Encrypt used space only, 
    • Encrypt entire disk, 
  • Next, Select New Encryption Method, 
  • Next, Run BitLocker system check 
  • Continue and restart system to start the encyption to start.

What is Bitlocker Recovery Key? 

BitLocker or Microsoft recovery keys are generated when BitLocker is used to encrypt a drive. Microsoft recovery key can be used for unlocking/decrypting the encrypted drive in case of a lost password or Hard disk or motherboard get change.

BitLocker protects your data against unauthorized access. BitLocker’s recovery key is a 48-digit password that is used to unlock the computer. You can save the key in a file, Microsoft account, or any shared network location. 

Windows will prompt for a BitLocker Recovery Key when an unauthorized attempt is made to read the data. It can’t distinguish between any hardware, firmware changes, or real attacks. Microsoft also has shared the details on aka.ms/recoverykeyfaq site.

How to get Bitlocker Recovery Key?

Search in Microsoft Account: (aka.ms/recoverykeyfaq)

You can use this option to retrieve the recovery key if you’ve saved it to your Microsoft account.

Open the site: https://account.microsoft.com/devices/recoverykey, and look for the recovery key under the devices tab.

Bitlocker Recover Key (aka.ms/recoverykeyfaq)
Bitlocker Recover Key (aka.ms/recoverykeyfaq)

Use a USB flash Drive:  

You can also connect to the earlier USB flash drive where you saved the Bitlocker recovery key. Key gets saved as a text file. Connect the USB flash drive into your locked PC and proceed. 

Use Printed or Saved Recovery File: 

You can also search for a recovery key if saved on your system. You can search with the keyword “BitLocker Recovery Key” on your system or any other storage device.

If you’ve saved by printing in hard copy, then also search the location where you saved your important files.

Recovery from Active Directory / Azure Active Directory: 

If your system is part of the domain then you must log on with a work email account, in that case, the Bitlocker recovery key could be saved in that organization’s AD or Azure Active Directory. For more info please check out aka.ms/recoverykeyfaq page. 

It could be possible to check it from any device after logging in with your credentials if the admin allows it. Or you may need to contact your Domain administrator to get the recovery key.

If you are a domain administrator, then you use the BitLocker Recovery Password Viewer tool to view the recovery password from computer objects in the active directory.

How to get Bitlocker Recovery Key ID from CMD?

You can execute the following commands in CMD or PowerShell to get check the status and to get the recovery key. For example, I’ve used D drive, you may change accordingly.

#How to get the current status of BitLocker enabled drive for example D drive
manage-bde -status d:

#How to get bitlocker recovery key with key id
manage-bde -protectors d: -get

#Forcing a Recovery of BitLocker Key
manage-bde -forcerecovery d:

How to Disable Bitlocker in Windows 10 from CMD?

Please check the following commands to unlock and disable Bitlocker through coomands.

#Unlock a Bitlocker Drive
manage-bde –unlock d: -RecoveryPassword XXXXXX-XXXXXX-XXXXXX-XXXXXX-XXXXXX- XXXXXX-XXXXXX-XXXXXX

#Disable bitlocker in windows 10
manage-bde -off d:

Please check this page for more learning resources…..

Please also take following course for more learning….

Advance IT Troubleshooting for Desktop Support Professional
Advance IT Troubleshooting for Desktop Support Professional
Azure Active Directory PowerShell for Microsoft Office 365
Azure Active Directory PowerShell for Microsoft Office 365

Leave a Reply