How to delete BitLocker recovery key from Microsoft account on Windows 11

• Windows 11 automatically uploads BitLocker recovery keys to Microsoft when device encryption is enabled.
• You can remove existing recovery keys by disabling encryption and deleting them from your Microsoft account.
• Windows 11 Pro allows BitLocker to be re-enabled without uploading the recovery key to the cloud.
• Windows 11 Home cannot enable encryption without cloud backup and requires third-party tools for local-only keys.

On Windows 11, you can remove your BitLocker recovery key from your Microsoft account and retain full control over where it is stored. In this guide, I’ll show you how to complete this configuration.

By default, device encryption on Windows 11 Home and Pro automatically uploads the recovery key to Microsoft’s cloud, which can be convenient but not ideal if you prefer local-only security.

If you prefer a more private approach to encrypting your data, first, you want to disable device encryption to make the current recovery key unusable, and you have to locate and delete the recovery key from your Microsoft account.

Related

How to stop automatic BitLocker Device Encryption during install on Windows 11

How to disable BitLocker on Windows 11

After completing the steps, you can only re-enable encryption without uploading your recovery key on Windows 11 Pro, since this is not possible with the Home edition. If you’re using the Home edition of the operating system, you may want to consider third-party solutions such as VeraCrypt. Alternatively, you can also upgrade to the Pro edition to access the full version of BitLocker.

However, if you want a more private encryption solution, you should replace BitLocker (Device Encryption) with a third-party solution (as mentioned above), regardless of whether you’re using the Pro or Home edition.

In this guide, I’ll outline the steps to encrypt your computer while keeping the recovery key locally.

• Delete BitLocker key for Windows 11 from Microsoft account
• Enable BitLocker without uploading the key to Microsoft

Delete BitLocker key for Windows 11 from Microsoft account

To delete your encryption recovery key from your Microsoft account, follow these steps:

1. Open Settings on Windows 11.

2. Click on Privacy & security.

3. Click the Device Encryption page.

4. Turn off the Device Encryption toggle switch.

   

5. Click the “Find your BitLocker recovery key” option.

6. Confirm your Microsoft Account credentials (if applicable).

7. Confirm the “Device Name” to identify the recovery key in your account.

   Quick note: You may have multiple recovery keys for the same computer. The best identifier in this case would be the “Key upload date.” However, you may want to delete all of the available keys.

8. Click the menu button and select the Delete option.

   

9. Copy the “Device Name,” “Key ID,” “Recovery Key,” “Drive,” and “Key upload date” to a text file to create a backup of the BitLocker key.

10. Check the option to confirm that you have copied the BitLocker recovery key.

11. Click the Delete button.

    

Once you complete the steps, the key to decrypt your hard drive will no longer be stored in the Microsoft servers. 

If you want to re-enable device encryption without uploading the recovery key to Microsoft, you can use the BitLocker settings in Windows 11 Pro. If you have Windows 11 Home, you won’t be able to turn on encryption without uploading the recovery to Microsoft’s cloud servers.

Enable BitLocker without uploading the key to Microsoft

To enable BitLocker on Windows 11 without uploading the recovery key, follow these steps:

1. Open Settings.

2. Click on Storage.

3. Click on Advanced storage settings under the “Storage management” section.

4. Click the Disks & volumes page.

   

5. Select the drive with the volume to encrypt.

6. Choose the volume to enable BitLocker encryption and click the Properties button.

   

7. Click the “Turn on BitLocker” option.

   

8. Click the “Turn on BitLocker” option under the “Operating system drive” section in the Control Panel.

   

9. Select the “Save to a file” option to prevent uploading the recovery key to Microsoft.

   

10. Save the file with the recovery encryption key on a different drive, such as a USB drive.

11. Click the Next button.

12. Select the “Encrypt used disk space only” option.

    

13. Click the Next button.

14. Select the “New encryption mode” option.

    

    Quick note: If you intend to encrypt a drive you will use on an older version of Windows, you should choose the “Compatible mode” option.

15. Click the Next button.

16. (Optional) Check the “Run BitLocker system check” option.

    

17. Click the Restart now button.

After you complete the steps, the computer will restart to enable BitLocker. However, depending on the data available on the drive, BitLocker will continue to encrypt the used space in the background.