Back up your BitLocker recovery key
A BitLocker recovery key is needed when BitLocker can’t automatically unlock an encrypted drive in Windows. This key, which is a 48-digit number, is used to regain access to the drive.
You might be prompted for the BitLocker recovery key during startup, due to a security risk or hardware change:
You might need to provide a BitLocker recovery key for data or external drives, for example if you forgot the unlock password:
In most situations, your BitLocker recovery key is automatically backed up when BitLocker is first activated:
-
If you use a Microsoft account, the BitLocker recovery key is typically attached to it, and you can access the recovery key online
-
If you’re using a device that’s managed by your work or school, the BitLocker recovery key is typically backed up and managed by your organization’s IT department. This is done to ensure that the organization can help you recover your data if your device is not accessible for some reason. It’s always a good idea to check with your IT department for the specific procedures and policies related to BitLocker recovery in your organization
It’s important to verify that this backup exists and is accessible, or to create an extra backup of your own.
This article provides information to back up your BitLocker recovery key. To learn how to verify if you have a BitLocker recovery key backed up to you Microsoft or work or school account, see Find your BitLocker recovery key.
Important: Microsoft Support is unable to provide, or recreate, a lost BitLocker recovery key.
Tip: If you're an IT pro looking for more details, see the BitLocker recovery documentation.
How do I back up the BitLocker recovery key?
-
From Start , type BitLocker and select Manage BitLocker from the list of results
-
In the BitLocker app, select Back up your recovery key next to the drive you want backup
-
Select where you want the key backed up
-
Save to your Microsoft Account - This will save the key in the recovery keys library of your Microsoft Account
Note: If you're signed into a computer managed by your work or school this may say Save to your Azure AD account instead.
-
Save to a USB flash drive - If you have a flash drive handy you can save the key to it. If your device asks for the recovery key in the future, insert that USB drive and follow the instructions. The key takes only a couple of KB of space so the drive doesn't have to be large
Important: Don't store this USB flash drive with the key on it with your computer. If a thief were to get the computer, they could steal the flash drive and bypass BitLocker encryption, leaving your data vulnerable.
-
Save to a file - You can save your recovery key as a plain text file on any device. If you need that file in the future just open it with a text editor like Notepad. You can't save the file to the BitLocker encrypted drive, so you might have to save it to a USB drive if you don't have a second, unencrypted, volume on the device
Tip: copy the text file to your OneDrive Personal Vault for safe and secure storage, that can be readily accessed from any device if you need it.
-
Print the recovery key - You can print the recovery key if you prefer
Important: Store that printout somewhere safe and don't keep it with the computer. If a thief were to steal the computer and the printed recovery key they could bypass BitLocker encryption, leaving your data vulnerable.
-
-
Select Finish
You can make as many backups as you want. It's not a bad idea to have more than one, just to be safe!