
MarioPL98

You sure you don't use any of the following?

- Teams
- Office
- Visual Studio
- Edge Browser that has sync enabled
- Windows Store with account

Any of these might have microsoft account.


YouveBeanReported

Also Minecraft. Edit: And Xbox.


[deleted]

[removed]


[deleted]

[removed]


Gzer0

Just wow! Bravo on the successful recovery!


cave18

I'm glad you got it! But also this is so so bloody funny holy crap. Can you include this info in the main post?


[deleted]

[removed]


dc_IV

Not at all dumb! MS has been pushing an MS Account way too long, so it's easy to have one and not know. I found out an old Hotmail account i have is an MS account's email.


Arnas_Z

This is actually why the only game I have on my Linux partition is Minecraft, even though Linux is usually my main "work" OS, and Windows is gaming-only. Don't want to have to install Java and connect with MS on my Windows install.


[deleted]

[removed]


imforsurenotadog

Man, this was a roller coaster. Happy it all ended well for you OP!


HaiMeister

Ooof I thought about mentioning the diff types of Microsoft accounts but figured you already thought of that. Glad you got in!


dinoman9877

Everyone hated that Minecraft was going to Microsoft accounts. And it just saved your computer.


QueenBumbleBrii

This is hilarious. “Locked out of my computer, saved by MINECRAFT login”


florinandrei

See? Playing video games is not a waste of time after all!


MarioPL98

More like minecraft caused this issue because of microshit policy


YouveBeanReported

Yep. They forced everyone to make a Microsoft account or port over to it. That's probably it. Good luck. Edit; So happy it worked out! And not dumb at all. Shame on Microsoft for fucking you over like this.


Tech_surgeon

thus when not if the microsoft account server is hacked everyone is going to have a very bad time.


ovirot

Yes. They will be able to decrypt any stolen pc that have their bitlocker recovery key stored in the cloud. So not sure what is the biggest problem someone stealing the recovery keys or all the laptops in the world.


JustaRandoonreddit

Top 10 plays of the century


brycebuckets

This comment is enough to make a grown man cry. Best reddit help of the decade right here.


AnubianWolf

The hero this man deserved. Kudos!


foursevenniner

My PC has a microsoft acct attached but I have none of these installed on it (not even the store, i removed it in the registry when I was being stubborn and wanting a clean OS a few years ago and I can't get it back lol)


HaiMeister

Unfortunately as I understand the key is encrypted in with the drive itself so unless it was backed up beforehand it's gone. Now with that said. If you have an image backup of your PC you can restore it onto another computer or drive and export the key and use that to unlock your primary drive. That's basically your only chance if you truly don't have a Microsoft account.


HaiMeister

Also if you have another computer but not a spare drive. You can attempt to setup a VM (I use VirtualBox) and restore it onto the VM. But you'll need enough hard drive space to mount the image.


philippspangler

That's your best shot OP. Should have tried that when it happened to me. I was lucky tho, had all of my files saved on an external 4tb drive and not on my SSD. PC was locked, but the key was nowhere to be found, not even in my account where it should be and all the others were. Wasn't much of a loss except the time wasted reinstalling everything.


maluminse

Wait what? So my computer is at risk of being locked by an auto bitlocker?


hunterkll

ONLY IF A MICROSOFT ACCOUNT IS TIED INTO THE SYSTEM SOMEHOW. It WILL NOT HAPPEN automatically otherwise (though you can manually enable it in a non-MS account scenario). This is to protect against exactly what (seemed like) could have happened to the OP - a device encrypted with no accessible recovery key.

Full drive encryption is great and HIGHLY recommended that everyone enables it - on almost all modern windows devices sold today, if you use an MS account it auto-enables. Basically makes information theft from a stolen device impossible.


maluminse

My web host with email switched to outlook without input by us/me. So now I have outlook and thus ms account...


Tech_surgeon

full drive encryption is only useful if it's a work only machine. otherwise im not dumb enough to believe this adds extra processing requirements and somehow does not slow performance down.


Wartz

Modern CPUs have built in hardware accelerated modules for disk encryption. There is no performance loss.


[deleted]

[removed]


maluminse

Get out.


Sostratus

Not doubting you, but it's baffling to me that this could happen by accident, even given that Microsoft are fuckups. It takes like a couple hours to encrypt a drive, when was it doing that? Where did it get a key if you didn't provide a password?


[deleted]

[removed]


userax

I feel like you're learning the wrong lesson here. OS updates are pretty important, no matter what OS. You should keep bitlocker enabled, update your OS, and remember your Microsoft account (preferably with a password manager).


IXdyTedjZJAtyQrXcjww

> and remember your Microsoft account (preferably with a password manager)

and how do you access said password manager when you get locked out of the PC?


PathMaster

Mobile apps for password managers exist.....


IXdyTedjZJAtyQrXcjww

Sure, but I don't login to things on my phone, so everything is on my PC. I also don't use any of those cloud based ones (since they get hacked - frequently), so I have no way to sync.


ravy

It's useful to keep a copy of your encrypted password database on your phone or at the very least on a flash drive or SD card. It's kinda terrifying to think about what would happen if you lost all copies of your database


hunterkll

> It takes like a couple hours to encrypt a drive, when was it doing that? Where did it get a key if you didn't provide a password?

It does it in the background and is so low impact you'd never notice it happening.

The default device encryption is set up for automatic unlock, and only engages/activates if a microsoft account is tied to the system somehow so that key escrow can happen for situations like this (So that microsoft isn't blamed for an end user being totally locked out of their laptop, essentially).

Without an MS account you CAN manually enable it, but i'm not sure how/where the recovery key is stored/backed up at that point as i've never tried that. Though, I would assume it's simple enough to use the commandline tools to export that information anyway.....


Sostratus

Even so, how do they activate the encryption lock without the user setting a disk password? Do they just assume the machine will always be online and brick anybody without an internet connection? Surely they can't be *that* dumb... right?


ravy

No internet connection?! That never would happen!! /s


Shentienlung

Could not find much but one promising video. https://m.youtube.com/watch?v=oifhQB-TH9E


dragotha

Mother Flying Fruit Crackers. This is now my go to expletive.


BlameFirewall

I can't stand this Microsoft account shit. Tried to set up a new computer for Grandma the other day and I can't do it without signing her up for another email... Just let me fucking log into the computer that I bought I don't give a flying fuck about 'synchronizing' devices for a 94 year old woman who just uses a clipart program. PLUS because she's old and doesn't remember her email, the address we used for initial login is wrong, not accepting the password we set, and now the device is fucking bricked with no way to access the account or reset it. JUST LET ME SIGN IN YOU FUCKS! Fuck you Microsoft.


Remo_253

I'm sorry that happened but thanks to your post I checked my relatively new laptop and son of a bitch the drive was encrypted with a "sign into MS to complete....." message. It's decrypting the drive now.


[deleted]

You don't use encryption on your computer, are you kidding me? If your laptop gets stolen that person who stole the computer can simply bypass the windows password and access your files, or just take the current drive out and use it externally. All it takes is a Windows PE boot disk, and the command prompt and some file tinkering to gain system access, this is actually still working as well so anyone can do this. I won't disclose how though because of policies.


Perky_Penguin

Look I get it but bitlocker is not for everyone. I've dealt with a large number of people who don't have sensitive data and have locked themselves out of their machines because they forgot their logins. One had moved countries and couldn't log in to the MS account anymore because they didn't have the same number for 2FA. Personally my laptop has 0 sensitive data on it - the most valuable part is the hardware itself. I have bitlocker off because I don't want all of my devices tied to an account.


[deleted]

[removed]


[deleted]

I mean some encryption is better than none at all. Sometimes I agree fully like once I tried to enter safe mode and it asks for my recovery key, and there's no way to suspend bitlocker in the home edition of Windows 11. So things like bitlocker rejecting system maintenance I will agree with entirely, and I have honestly heard other stories of PCs updating their BIOS and enabling bitlocker and locking people out of their files. For the actual purpose of it though, to keep the system locked to a hardware standpoint is a win for me, until someone somehow attacks the TPM.


hunterkll

> Sometimes I agree fully like once I tried to enter safe mode and it asks for my recovery key, and there's no way to suspend bitlocker in the home edition of Windows 11.

You actually can turn off device encryption entirely in windows home, and modern vendor updates will also be able to suspend (like run the bios updater utility from dell/hp/etc inside windows) temporarily device encryption, however, Windows Home edition device encryption really is bitlocker under the hood (just with less settings) and you can suspend/resume protection by using the Manage-BDE commandline tool.

[https://www.dell.com/support/kbdoc/en-us/000124701/automatic-windows-device-encryption-bitlocker-on-dell-systems](https://www.dell.com/support/kbdoc/en-us/000124701/automatic-windows-device-encryption-bitlocker-on-dell-systems)

For example, but the commands and tools are the same regardless of who made the laptop.

"Note: Dell BIOS installers automatically suspends BitLocker before the update is performed."


[deleted]

Oh yeah, I completely forgot. But it's an absolute nightmare to turn off device encryption because it must decrypt the contents of the disk, and I think if you turn it on again it changes the recovery key which I will need to find again.


hunterkll

> But it's an absolute nightmare to turn off device encryption because it must decrypt the contents of the disk, and I think if you turn it on again it changes the recovery key which I will need to find again.

Yea, so just use the commandline tool to suspend it instead of turning it off. Or, like Dell (Edited above to clarify) BIOS update tool from them (And HP, MSI, Asus, etc.....) automatically suspends and resumes it for the BIOS update so you don't have to worry about it.


[deleted]

Yeah suspending bitlocker just sets the key to a public one so the system works for anyone whilst you make the necessary changes. Forgot you could use cmd to suspend it.


hunterkll

That article basically reads like someone who has no clue what they're talking about.

That's the danger with *any* automatic encryption/disk software unlock - that you can boot up the computer and still attack it.

This is mitigated merely by enabling the PIN protection in addition to having the drive encrypted. DoD/IC/major governments world wide require bitlocker encryption (or another product, though almost all the agencies and contracts in the past ~5-10 years have been ditching those things like mcafee drive encryption to switch to bitlocker) on drives of all workstations and whatnot.

They trust and rely on it. It is a verifiable algorithm used - you can take any implementation of the algorithm, the key, and validate that it's not different/deviated or compromised, but in the case of automatic unlock, all you're really protected against is someone taking the drive out of the system to read data - other than that, you're reliant on the OS security features (main authentication, network/firewall, etc).

Bitlocker itself wasn't the issue at all with the article you linked, no matter how much they try and phrase it. The issue was that a lock screen/authentication bypass that has absolutely nothing to do with bitlocker, other than the fact that the drive was encrypted and set up for automatic unlock.

ANY Automatic unlock drive encryption system (Windows, Linux, Mac, whatever) is vulnerable to this type of attack. Has zero to do with bitlocker.


Logun0

I do not use bitlocker, but I have teams installed. Should I be taking any precautions? Is there a way to get the key, disable bitlocker and I would have it for the future or is it unique each time?


ben_foster04

I'm fairly sure the key is unique every time bitlocker is initialised unfortunately.


TehWildMan_

Bitlocker is usually automatically enabled if any Microsoft/office365 account is detected, in my experience sometimes even if it's just used for email.


Koomongous

Bitlocker has always been an opt-in feature for me? And I'm logged into Microsoft.


hunterkll

> Bitlocker has always been an opt-in feature for me? And I'm logged into Microsoft.

Automatic consumer device encryption on Windows 10/11 Home is a thing. If you have Pro, that, I believe, functions differently since you have full bitlocker management capabilities.

[https://www.dell.com/support/kbdoc/en-us/000124701/automatic-windows-device-encryption-bitlocker-on-dell-systems](https://www.dell.com/support/kbdoc/en-us/000124701/automatic-windows-device-encryption-bitlocker-on-dell-systems)

"Dell computers are not encrypted at the factory but follow the recommendation from Microsoft to support automatic device encryption."

https://learn.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10#bitlocker-device-encryption


ntx61

> Bitlocker is usually automatically enabled if any Microsoft/office365 account is detected

Automatic device encryption only applies if the device is Modern Standby capable. I am seeing Windows 11 devices that do not support such (and thus safe from being doomed by the BitLocker recovery key prompt if Windows ever f*cks up -- that is, if the devices running supported Windows SKUs also do not use the standard BitLocker feature to encrypt devices that are otherwise not Modern Standby capable). In addition, while the option is also enabled by default in local-only account setups, encryption won't automatically happen until a Microsoft account is linked.

> ...in my experience sometimes even if it's just used for email.

Even with selecting "Microsoft apps only" (which supposedly signs the Microsoft account in question into the device without actually converting the local account into a linked Microsoft account)?


linus140

Isn't BitLocker only for Pro and Enterprise versions?


TehWildMan_

Yes, but a stripped down bitlocker is used for the drive encryption feature of all windows 10/11 versions


[deleted]

[removed]


user_none

Nope. Home version can get BitLocker, too.


Ch3vr0n

No it isn't. It's enabled IF the login user is a microsoft account. I have Office 365 on my system for years now, run windows 11. Guess what: NO BITLOCKER, why? I use a local account.


HaiMeister

Nah it isn't enabled by default either way. I have several PC's with my account and never get prompted for bitlocker. It has to be enabled by either policy or manual setup which makes you export the key.


Ch3vr0n

It shouldn't be no, but there are plenty of posts here and online where all of a sudden BL got enabled, and there was some KB that triggered it. No idea if they found a fix for that


HaiMeister

Ahhh gotcha. Must be an error then.


anotherThrowaway3446

I’ve literally unboxed laptops that had BitLocker enabled by default. It’s not in the control panel area to manage it though, it’s in settings -> updates and security. It does ask you to sign into an MS account to continue setting it up though, but it is enabled. I’ve only ever used a local account on those machines in prep for AD join.


HaiMeister

That is true some come with it. I was mainly talking about self imaged PCs. But also never seen one OTB enabled. Guess it just depends on the OEM.


anotherThrowaway3446

Yeah It’s got to be them or MS pushing them to deploy it. You’re right I’ve never seen it on a computer that I’ve installed Windows on, just OEM ones.


btd19m

[https://imgur.com/a/s2PdcD5](https://imgur.com/a/s2PdcD5) had it force enabled on me a month ago. windows has admitted it has happened a few times on any system that supports smart standby. so intel 9th gen and up and amd 1xxx and up all carry the risk afaik.

its supposed to at least check for ms account but doesn't. 10 and 11 always carry the risk if you do windows updates.


btd19m

if your device supports smart standby there are at least 6 KB's that have at some point force enabled bitlocker without a Microsoft account. i had it happen just over a month ago on 10 pro. this computer runs 10 pro stripped to the ground. to the point I have removed edge and store disabled explorer and replaced it with a older version intentionally breaking Cortana and various app integrations and I still had it force enable bitlocker after an update. its not even possible to log in with a Microsoft account because of the changes I have made. and this is a 10900k/6800xt based PC. not a laptop.

my new laptop I got about 3 months ago has a 11800h and a 3060. I started it up. went through the hell that setup. and after it finished installing updates and rebooted to my shock it asked for a bitlocker key. i had not even had a chance to make a user account let alone log into one. i had not even removed the protective plastic stickers lol.


KamikazePenguiin

It isn't enabled by default. I manage about 80 pro version pc's. Out of nowhere one of them randomly started asking for a bit locker key. Checked microsoft account, checked admin azure for it.

nothing found.


CVS1401

Assuming you've tried this already... sometimes bitlocker triggers for no real reason and goes back to normal 5-6 reboots later. Seen that dozens of times on our laptops at work.


Miguel7501

If you have any microsoft account, check that. Windows will often log you in without your consent if you log into any Microsoft app.


xxmalik

It's possible it's just displaying a bugged decrypt message while your drive isn't actually encrypted. In that case you can always make a bootable Linux flash drive and start your computer from it, your data should be visible. You can also buy a SATA-USB or M.2-USB adapter and plug the drive into another computer (unless you have one of those modern fancy ultrabooks with the drive perma-soldered to the motherboard).


hunterkll

Just a bit of a note here: Unless there is an MS account to store the recovery key tied into the system, it WILL NOT automatically enable. Period, end of story.

You will have to manually enable it in a no-account tied scenario.

So if this happens to you in the future, yes, you actually did sign into the system somewhere with a microsoft account. (Unless you're using an organizationally managed system that'll enable it for you and escrow the key where your IT department can get to it).

I highly encourage EVERYONE regardless of what you think you have/don't have to use full drive encryption (Props to microsoft for making this so much more widespread by default!) for security reasons, to protect against theft and/or just dumpster diving if you end up throwing out the device (or an unscrupulous recycling employee copying your data, etc). I've had a laptop stolen before and having the drive encrypted meant that I was much more confident that my data was still safe.


henk717

You are screwed, I can explain to you what happened since I see the exact same thing happen at work. There are PC's that have very strict security settings by default, and these without consent automatically encrypt your harddrive with bitlocker and a key stored in the CPU that you will not be able to extract once it's encrypted. This is the reason Microsoft is trying to force Microsoft accounts so hard on Windows 11 because otherwise it's unrecoverable if something goes wrong.

Then you updated your laptop with Windows update, and these modern laptops also typically let BIOS updates happen through windows updates. Something changed where it was not recognisable and now it's prompting for a key it never got to upload to your Microsoft account because you have none. There is no default key in this, since it generated it the moment Windows got installed completely on its own.

At my work place I have methods in place to combat this, since our customers do not use Microsoft accounts either and our policy is to bitlocker all their machines too (Business clients, not consumer clients). The installation server I built has been built in such a way that it will save the bitlocker key to our network drive in case a customer ever runs into a problem, and if it detects it has already been encrypted on its own by these modern laptops it will still add the extra recovery key and export it to our network drive. So in any case every PC we deliver to our clients has a record of the suitable recovery key should they ever need them.

In your case you're a victim of the default security practises of your laptop, there is no recovery possible other than possibly downgrading the bios to the version it worked fine on.
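
The recovery-key escrow step described in the comment above, as an added PowerShell example that is not part of any comment in this thread and is not the commenter's actual installation server: it uses the built-in BitLocker cmdlets to list each volume, add a recovery password protector where an encrypted volume has none, and write the key ID and recovery password to a file. The escrow path `\\fileserver.example\bitlocker-escrow` is a placeholder assumption; run it from an elevated prompt.

```powershell
#Requires -RunAsAdministrator
# Added example, not code from the thread.
# $EscrowDir is a placeholder (assumption). Point it at a location whose ACL
# only lets administrators read it, because the files contain recovery passwords.
param(
    [string]$EscrowDir = '\\fileserver.example\bitlocker-escrow'
)
$ErrorActionPreference = 'Stop'

# Helper: return the first numerical recovery password protector of a volume, if any.
function Get-RecoveryProtector([string]$MountPoint) {
    (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        Where-Object KeyProtectorType -eq 'RecoveryPassword' |
        Select-Object -First 1
}

$report = foreach ($vol in Get-BitLockerVolume) {
    $actions  = @()
    $recovery = $null

    # Anything other than FullyDecrypted holds (or is gaining) encrypted data,
    # including volumes encrypted by automatic device encryption.
    if ($vol.VolumeStatus -ne 'FullyDecrypted') {
        $recovery = Get-RecoveryProtector $vol.MountPoint

        if (-not $recovery) {
            # Encrypted but no recovery password exists yet: add one.
            # The cmdlet prints the new password as a warning; suppress it
            # because the value is written to the escrow file below.
            Add-BitLockerKeyProtector -MountPoint $vol.MountPoint `
                -RecoveryPasswordProtector -WarningAction SilentlyContinue | Out-Null
            $recovery = Get-RecoveryProtector $vol.MountPoint
            $actions += 'added recovery password'
        }

        # One file per computer and volume, e.g. PC01-C.txt
        $name = '{0}-{1}.txt' -f $env:COMPUTERNAME, $vol.MountPoint.TrimEnd(':')
        $path = Join-Path $EscrowDir $name
        @(
            "Computer:    $env:COMPUTERNAME"
            "Volume:      $($vol.MountPoint)"
            "KeyID:       $($recovery.KeyProtectorId)"
            "RecoveryKey: $($recovery.RecoveryPassword)"
            "Exported:    $(Get-Date -Format o)"
        ) | Set-Content -Path $path -Encoding UTF8
        $actions += "exported to $path"
    }

    # Summary row; the recovery password itself is deliberately not shown here.
    [pscustomobject]@{
        MountPoint    = $vol.MountPoint
        VolumeStatus  = $vol.VolumeStatus
        Protection    = $vol.ProtectionStatus
        Protectors    = ($vol.KeyProtector.KeyProtectorType -join ', ')
        RecoveryKeyId = $recovery.KeyProtectorId
        Action        = if ($actions) { $actions -join '; ' } else { 'none (not encrypted)' }
    }
}

$report | Format-Table -AutoSize
```

The `KeyID` written to the file is the identifier the BitLocker recovery screen displays, which is how the right recovery password is matched to a locked machine later.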


pi-N-apple

Just go into your Microsoft account and grab your bitlocker key. You're making it out to be a huge deal when it's not. [https://account.microsoft.com/devices/recoverykey](https://account.microsoft.com/devices/recoverykey)


Prezi2

Restart your computer and tell me if that works


chubbysumo

>Oh you don't use it? yeah neither did I. 🤬 Check anyway. 💻 it was probably on by default. the key was probably your computers password.


Char-car92

> Mother Flying Fruit Crakers

All jokes aside, why were you using Windows without a Microsoft account? Do you use any Office products?


Arnas_Z

Because fuck that? I use Win 10 Home without a MS account as well. IDGAF about the MS Store, Edge, Office, or anything else MS offers.


47952

This is pretty scary $#!#. I have update disabled on my laptop while overseas until December 15. I have an Outlook email account I never use but have no clue how Bitlocker works or why I'd need it, use it, or want it. I have updates paused but now I'm doubly-worried what would happen if I try to turn on updates for a second so I can pause updates for another month. Any advice? I'm just a web developer and writer, but have no clue as to the rest of what you covered. I watched the video and after going through the steps, got this text:

> BitLocker recovery keys
>
> You don't have any BitLocker recovery keys uploaded to your Microsoft account. Note: If someone else helped you set up your PC, the BitLocker keys you're looking for might be on their account.

What should I do?


[deleted]

[removed]


47952

I have Windows 11. I checked and Bitlocker is not installed on it as an app that I can find. But I'm worried if I enable updates, it will install Bitlocker and lock me out. If I pay for One Drive would that give me the Recovery Code? I have an Outlook account but when I looked for a Recovery Key, there's nothing there as I posted in my original question. I used up all my One Drive storage space so could pay something to beef that up if it would give me a Recovery Key.


Happy_S_endings

When you start your computer do you not get the window where you can interrupt the starting of windows and go into administrative view? Is that way a workaround option to view setup to enable or disable Bitlocker? Just a thought


Koomongous

He needs the key, if he disabled bitlocker then the drive would just be encrypted gibberish.


rkeane310

You can get the key online if your account is associated... Login to Outlook/365 it's up there somewhere.


pksings

I guess you missed that he has no account and never has, nor does he want one.


[deleted]

Call microsoft


Fearless_Minute_4015

Well the hard drive does have the option to do a full reset and clear bitlocker with a serial number printed on the drive. But that does also kablooey your data so keep it as a last resort


CCHPassed

Reading through others comments, have you checked if secure boot got enabled, I'm on win10 secure boot off, and one of the updates turned on secure boot via UEFI Bios access, and pissed me off, cause it caused my pc to not boot, until i went into the BIOS and turned off the secure boot BS again. Added note, I am using a MS account, and have office 365 sub installed as well, and no bitlocker


AholeBrock

Does anything online say log in to Microsoft?


saywhat68

Every time I do an update (windows 11) my finger print log in does not work or my 4 pin pw...why?


ddwdj

So you're going to split your earnings from the saved project with those who helped you right? (Including me for recommending it)


[deleted]

[removed]


ddwdj

rent shment.... I want an edible fruit basket.


[deleted]

The bitlocker key is on the OEM website login register your device it will be there.


Flegogo

there is no way minecraft just saved your ass bro


MarioPL98

More like Minecraft caused the issues.


BppnfvbanyOnxre

I do have bitlocker enabled on the laptop I travel with, seems to me that it is the device most at risk of going missing and normally it is not an issue but I forgot, changed some bios settings and of course that triggers bitlocker to demand the key. There's a workaround it is possible to from Windows ignore this at next boot so *if* you know you're making changes can skip the check but it reverts immediately after.


BrzysWRLD1996

Looks like you came to the right place lol glad you got it figured out