Microsoft fixes BitLocker recovery issue only for Windows 11 users

Published: May 13, 2026 at 11:42 AM EDT
Source: Bleeping Computer

Microsoft has addressed a known issue causing some Windows 11 systems to boot into BitLocker recovery after installing the April 2026 Windows security updates.

BitLocker is a Windows security feature that encrypts storage drives to protect against data theft. It often activates recovery mode after hardware changes or TPM (Trusted Platform Module) updates, blocking access to protected drives that haven’t been unlocked normally.

Microsoft acknowledged the issue on April 14, saying it affects Windows 10, Windows 11, and Windows Server devices with an “unrecommended” BitLocker Group Policy configuration and prompts users to enter their BitLocker recovery key.

“Some devices with an unrecommended BitLocker Group Policy configuration might be required to enter their BitLocker recovery key on the first restart after installing this update,” Microsoft said in the support article.

While the issue also affects Windows 10 and Windows 11 client platforms, Microsoft noted it is unlikely to impact personal devices because the affected configurations are typically found only on enterprise systems managed by IT teams.

Fixed only on Windows 11 25H2 systems

On Tuesday, Microsoft announced that it addressed the issue with the KB5089549 cumulative update for Windows 11 25H2. Windows 10 and Windows Server customers will need to wait for a fix, with a permanent resolution planned for a future update.

“This update addresses an issue where some devices might enter BitLocker Recovery after updating boot files on systems with certain Trusted Platform Module (TPM) validation settings, including invalid PCR7 (Platform Configuration Register 7) configurations. This might occur after installing the April 2026 security update (KB5083769).”

Until a fix is available for all affected platforms, Windows admins are advised to:

  1. Remove the “Configure TPM platform validation profile for native UEFI firmware configurations” Group Policy setting before deploying the April 2026 updates.
  2. Ensure that BitLocker bindings use the PCR7 profile by following the steps in the Microsoft support article.
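
A read-only way to check both conditions on a device before deploying the update. This is an added example, not taken from Microsoft's support article or the original report. It assumes the registry key that backs the Group Policy setting and the English-language `manage-bde` output format; the function names are illustrative.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only audit of the two workaround conditions.
# Assumptions (not from the article): the registry key that backs the Group
# Policy setting, and the English manage-bde output format.

$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_UEFI'

function Get-UefiPcrPolicy {
    # Reports whether the custom UEFI validation profile policy is set and,
    # if so, which PCR indexes it selects (values named "0".."23").
    $p = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Configured = [bool]($p -and $p.Enabled -eq 1)
        Pcrs       = @(if ($p) { 0..23 | Where-Object { $p."$_" -eq 1 } })
    }
}

function Get-BoundPcrProfile {
    # Parses the PCR list that the TPM protector is currently sealed to.
    param([string]$MountPoint = $env:SystemDrive)
    $text = (& manage-bde.exe -protectors -get $MountPoint 2>&1 | Out-String)
    if ($text -match 'PCR Validation Profile:\s*([\d,\s]+)') {
        return @($Matches[1] -split '\D+' | Where-Object { $_ } |
                 ForEach-Object { [int]$_ })
    }
    return @()   # no TPM protector found, or the volume is not protected
}

$policy = Get-UefiPcrPolicy
$bound  = @(Get-BoundPcrProfile)

[pscustomobject]@{
    Computer          = $env:COMPUTERNAME
    PolicyConfigured  = $policy.Configured      # step 1: expected False
    PolicyPcrs        = $policy.Pcrs -join ', '
    BoundPcrs         = $bound -join ', '
    BoundIncludesPcr7 = $bound -contains 7      # step 2: expected True
}
```

On a device that uses the default Secure Boot based profile, `manage-bde` reports the binding as `7, 11`.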

Windows BitLocker recovery screen (Microsoft)

Historical context

  • In August 2022, Windows devices also became stuck at a BitLocker recovery prompt after installing the KB5012170 security update.
  • Two years later, in August 2024, Microsoft fixed another issue that triggered BitLocker recovery prompts after the July 2024 Windows security updates.
  • In May 2025, Microsoft issued out‑of‑band emergency updates to address a similar problem that caused Windows 10 PCs to request the BitLocker recovery key after the May 2025 security updates.

This week, Microsoft released the May 2026 Patch Tuesday security updates, covering 120 vulnerabilities, including 17 critical flaws.
