Getting locked out of your encrypted drive is frustrating, but your BitLocker recovery key can get you back in. This 48-digit numerical password is your backup access method when Windows can’t automatically unlock your encrypted drive. Whether you’ve forgotten your PIN, changed hardware, or encountered a system error, you’ll need this key to access your data. The following sections cover every location where your recovery key might be stored so you can decrypt your hard drive.
Check Your Microsoft Account
Your Microsoft account is the most common storage location for BitLocker recovery keys if you’re using Windows 10 or 11 with a connected Microsoft account.
Sign into your Microsoft account at microsoft.com/devices and look for the “Recovery keys” or “BitLocker” section. You’ll see a list of recovery keys associated with different devices, identified by device name and key ID. The last eight digits of the key ID will help you match the correct key to your current device.
If you’re already signed into Windows on another device with the same Microsoft account, you can also access these keys through Settings > Accounts > Your info, then click “Manage my Microsoft account” and navigate to the Devices section.
Search Your Azure Active Directory Account
For work or school computers managed by an organization, BitLocker keys are typically stored in Azure Active Directory (now Microsoft Entra ID).
Visit myaccount.microsoft.com and sign in with your work or school account. Navigate to the Devices section and select your device to view associated recovery keys. If you don’t see recovery keys listed, your IT department may have restricted access, and you’ll need to contact them directly.
Some organizations provide a self-service portal specifically for BitLocker recovery. Check your company’s IT support website or intranet for links to recovery key lookup tools.
Look for a Saved Text File or Printout
When you first enabled BitLocker, Windows prompted you to save your recovery key using several methods. You may have saved it as a text file on a USB drive or another storage location.
Search your computer, external drives, and cloud storage for files named “BitLocker Recovery Key” followed by an ID number. These are plain text files that contain your 48-digit key. Check folders like Documents, Downloads, and Desktop, as well as any USB drives you regularly use.
You also had the option to print the recovery key. Check your filing cabinet, desk drawers, or anywhere you store important documents. Some people tape these printouts inside computer cases or store them in safe deposit boxes.
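The file search described above can be scripted. The following PowerShell is an added example, not part of the original article: the search roots and the function name Test-RecoveryPasswordFormat are assumptions. It lists each saved key file with its key ID and checks that the file holds a structurally valid 48-digit key, without printing the key itself.

```powershell
# Added example: locate saved BitLocker recovery key files and sanity-check them.
# Search roots are assumptions; add any other folder where you keep documents.
$roots = @(
    "$env:USERPROFILE\Documents",
    "$env:USERPROFILE\Downloads",
    "$env:USERPROFILE\Desktop"
)
# Include every removable drive currently attached (DriveType 2 = removable disk).
$roots += @(Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 2' |
    ForEach-Object { "$($_.DeviceID)\" })

function Test-RecoveryPasswordFormat {
    param([string]$Password)
    # A recovery key is 8 groups of 6 digits separated by hyphens (48 digits).
    if ($Password -notmatch '^\d{6}(-\d{6}){7}$') { return $false }
    foreach ($group in ($Password -split '-')) {
        $n = [int]$group
        # Each group is a 16-bit value multiplied by 11, so it must be a
        # multiple of 11 and smaller than 65536 * 11 = 720896.
        if (($n % 11) -ne 0 -or $n -ge 720896) { return $false }
    }
    return $true
}

Get-ChildItem -Path $roots -Filter 'BitLocker Recovery Key*.txt' -File -Recurse `
        -ErrorAction SilentlyContinue |
    ForEach-Object {
        $text = Get-Content -LiteralPath $_.FullName -Raw
        # The key ID is written as a GUID; the key as 8 hyphen-separated groups.
        $id  = [regex]::Match($text, '[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}').Value
        $key = [regex]::Match($text, '\d{6}(-\d{6}){7}').Value
        # Report only the path, key ID and a validity flag; the key is not echoed.
        [pscustomobject]@{
            File        = $_.FullName
            KeyId       = $id
            FormatValid = Test-RecoveryPasswordFormat $key
        }
    }
```

A file reported with FormatValid set to False is truncated or has been edited, so the key in it will not be accepted as typed.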
Check with Your System Administrator
If you’re using a work computer, your IT department almost certainly has your BitLocker recovery key stored in their management system.
Contact your help desk or system administrator and provide them with your computer name or asset tag number. They can look up your recovery key in Active Directory, Microsoft Endpoint Manager (formerly Intune), or their enterprise management software. Most IT departments have established procedures for BitLocker recovery requests and can retrieve your key within minutes.
Be prepared to verify your identity through your employee ID, security questions, or other authentication methods your organization requires.
Use Command Prompt to Find Key ID Information
While you can’t retrieve the actual recovery key using Command Prompt, you can find the key ID, which helps you identify the correct key if you have multiple keys stored in your Microsoft account.
Open Command Prompt as an administrator by right-clicking the Start button and selecting “Windows Terminal (Admin)” or “Command Prompt (Admin).” Type manage-bde -protectors -get C: (replacing C: with your encrypted drive letter) and press Enter.
The output will show the key ID for your recovery password. You can match the last eight digits of this key ID with the keys stored in your Microsoft account, or provide the key ID to your IT department for faster key retrieval.
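As an added example (not from the original article), the same lookup can be done in an elevated PowerShell window with the built-in BitLocker cmdlets. It goes beyond the single drive in the command above and lists the recovery-password key ID for every BitLocker volume, including external drives, so each one can be matched against your stored keys.

```powershell
#Requires -RunAsAdministrator
# Added example: list the recovery-password key ID for every BitLocker volume.
Get-BitLockerVolume | ForEach-Object {
    $vol = $_
    # A volume can carry several protectors (TPM, PIN, recovery password, ...).
    # Only the RecoveryPassword protector corresponds to the 48-digit key.
    $recovery = @($vol.KeyProtector |
        Where-Object KeyProtectorType -eq 'RecoveryPassword')

    if ($recovery.Count -eq 0) {
        # Encrypted or not, this volume has no recovery key to look up.
        [pscustomobject]@{
            Drive         = $vol.MountPoint
            Status        = $vol.VolumeStatus
            Protection    = $vol.ProtectionStatus
            RecoveryKeyId = '(no recovery password protector)'
        }
    }
    else {
        foreach ($p in $recovery) {
            [pscustomobject]@{
                Drive         = $vol.MountPoint
                Status        = $vol.VolumeStatus
                Protection    = $vol.ProtectionStatus
                # KeyProtectorId is a GUID wrapped in braces; strip them for matching.
                RecoveryKeyId = $p.KeyProtectorId -replace '[{}]'
            }
        }
    }
} | Format-Table -AutoSize
```

Only the key ID is selected here, so the output can be pasted into a help desk ticket.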
What to Do If You Can’t Find Your Recovery Key
If you’ve exhausted all options and still can’t locate your BitLocker recovery key, you have limited choices. Without the recovery key, your encrypted data is inaccessible—this is by design, as BitLocker’s encryption would be worthless if it could be easily bypassed.
For personal computers, if you still have access to Windows through another administrator account, you can turn off BitLocker encryption, which will decrypt the drive (though this takes time). You’ll need to enable BitLocker again later and save the new recovery key properly.
For work computers, your IT department may have additional recovery options or backup keys stored in their system. They might also be able to recover your data through enterprise backup systems, even if the encrypted drive itself remains locked.
Preventing Future Lockouts
Once you regain access to your device, take steps to prevent this situation from happening again. Save your BitLocker recovery key in multiple secure locations—your Microsoft account, a printed copy in a safe place, and an encrypted password manager.
Consider saving recovery keys for all encrypted drives, not just your system drive. External hard drives and USB drives encrypted with BitLocker to Go also generate recovery keys that you’ll need if automatic unlock fails.
Set a calendar reminder to verify annually that you can still access your recovery keys, especially if they’re stored in cloud accounts that might expire or require password resets. This simple check can save you from discovering an access problem when you urgently need the key.
Document where you’ve stored your recovery keys and keep that documentation accessible. A simple note in your password manager stating “BitLocker keys stored in Microsoft account and printed copy in home safe” can be invaluable during a stressful lockout situation.