- If Windows 11 gets stuck during boot due to BitLocker, it may be due to a misconfiguration or a buggy update.
- You have to either enter the recovery key or follow the specific steps recommended by Microsoft.
If your computer suddenly boots into the BitLocker recovery screen after a restart, you’re not alone. This is a common issue on Windows 11 devices and can be triggered by system changes or, in some cases, by problematic updates.
BitLocker recovery prompts usually appear when something alters the system’s trusted state, such as changes to the TPM (Trusted Platform Module), firmware updates, BIOS settings, or other security-related configurations. However, following the April 2026 Security Update (KB5083769), a small number of devices entered recovery unexpectedly due to an unsupported configuration in the “Configure TPM platform validation profile for native UEFI firmware configurations” policy.
This isn’t an isolated case. Similar behavior was previously observed on Windows 11 25H2 and 24H2 (KB5066835), as well as Windows 10 22H2 (KB5066791), where updates surfaced underlying configuration issues and triggered recovery mode.
If your device is stuck on the BitLocker recovery screen, the fix is usually straightforward, provided you have access to your BitLocker recovery key. Once you unlock the system, you can correct the configuration and prevent the prompt from appearing again.
In this guide, I’ll outline the simple steps to get your device past the BitLocker recovery screen after installing a Windows 11 system update.
Fix Windows 11 stuck in BitLocker recovery screen
To fix the issue with the BitLocker recovery screen on Windows 11, you would need another computer (or a mobile phone) with internet access, and then follow these steps:
- Open your Microsoft account online.
- Confirm the computer’s name from the list to find the recovery key.
- Confirm the recovery key in the BitLocker recovery screen to start Windows 11.
- Click the Continue button.
- Continue with the on-screen directions.
If you can’t find the recovery key in your Microsoft account, it’s possible that when you enabled BitLocker, you chose a different option to save it. This includes printing the key on a physical piece of paper or saving it in a file on a USB flash drive or another storage device.
Although an update requiring an encryption key to unlock a device is rare, it shows that encryption can be a double-edged sword. On the one hand, it can help protect your device and data, but on the other, it can lock you out without a way to access them.
BitLocker recovery key fix before installing KB5083769
Microsoft recommends following the instructions I mentioned above to resolve the issue if you’re stuck after installing the update. However, if you haven’t installed the update KB5083769 (build 26200.8246) yet, you can prevent the issue by resetting the policy to a supported configuration.
First, open the Group Policy Editor and navigate through Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives.
In this location, you’ll find the policy “Configure TPM platform validation profile for native UEFI firmware configurations.” If this setting was previously customized, it can cause mismatches with the current system state. If this is the case, set it back to “Not Configured.” This step tells the operating system to stop using any manually defined PCR (Platform Configuration Register) values and instead fall back to its default, trusted configuration.
Once the policy is reconfigured, open Command Prompt as an administrator, and force the system to apply the change immediately by running the gpupdate /force command.
With the updated policy in place, the next step is to refresh BitLocker’s trust relationship with the TPM. To do that, temporarily suspend BitLocker protection on the system drive by running the manage-bde -protectors -disable C: command, and then re-enable BitLocker protection by running the manage-bde -protectors -enable C: command.
Once completed, BitLocker continues to protect the drive as usual, but now with a clean, properly validated TPM configuration.
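The script below is an added example (not from Microsoft or the original guide) that wraps the same gpupdate and manage-bde commands with two safety checks: it refuses to continue if no recovery password protector exists, and it stops if the policy is still configured after the refresh. It assumes the policy is stored under the registry key shown in the script, that manage-bde prints English output, and that the system drive is C:.

```powershell
#Requires -RunAsAdministrator
# Added example: confirm the policy reset, then re-seal BitLocker to the TPM.
$drive = 'C:'
# Assumption: registry key backing the policy "Configure TPM platform
# validation profile for native UEFI firmware configurations".
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_UEFI'

function Get-PcrProfile {
    # Assumption: English manage-bde output. Returns only the PCR profile
    # lines so the numerical recovery password is never echoed.
    manage-bde -protectors -get $drive |
        Select-String 'PCR Validation Profile' -Context 0,2 |
        ForEach-Object { (@($_.Line) + $_.Context.PostContext).Trim() -join ' ' }
}

# 1. Never suspend and re-seal without a recovery password to fall back on.
$vol = Get-BitLockerVolume -MountPoint $drive
$recovery = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
if (-not $recovery) {
    throw "No recovery password protector on $drive. Add and back one up first."
}

# 2. Apply the policy change, then verify it is really Not Configured.
gpupdate /force | Out-Null
$policy = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
if ($policy) {
    # Numeric value names are PCR indexes; a value of 1 means the PCR is selected.
    $pcrs = $policy.PSObject.Properties |
        Where-Object { $_.Name -match '^\d+$' -and $_.Value -eq 1 } |
        ForEach-Object Name
    throw "Policy is still configured (PCRs: $($pcrs -join ', ')). Set it to Not Configured."
}

# 3. Suspend and resume protection so the TPM protector is re-sealed.
Write-Host "Before: $(Get-PcrProfile)"
manage-bde -protectors -disable $drive
if ($LASTEXITCODE -ne 0) { throw 'Suspending BitLocker protection failed.' }
manage-bde -protectors -enable $drive
if ($LASTEXITCODE -ne 0) { throw 'Resume failed. Protection is still suspended.' }

# 4. Confirm protection is back on and show the profile now in use.
Write-Host "After:  $(Get-PcrProfile)"
Write-Host "Protection status: $((Get-BitLockerVolume -MountPoint $drive).ProtectionStatus)"
```

If the policy comes from a domain GPO rather than the local Group Policy Editor, the registry key reappears on the next refresh and the script stops at step 2 until the GPO itself is changed.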
While I recommend using encryption to protect your data, you can disable BitLocker on Windows 11 if you are concerned about being locked out of your device and your data.
You should always reinforce your recovery strategy by regularly creating a full Windows 11 backup to USB storage or a file backup.


