Where Microsoft Stores Your BitLocker Recovery Key and How to Retrieve It Fast

Quick fix: Visit account.microsoft.com/devices/recoverykey from any phone or other PC, sign in with the same Microsoft account that’s on the locked PC, and the 48-digit BitLocker recovery key appears next to the matching device name.

You’re staring at a blue BitLocker recovery screen demanding a 48-digit number you don’t remember setting. The drive is fine; BitLocker just won’t release the key automatically. The fix is to retrieve the key from one of four places Microsoft (or you) might have stored it. Most people have a copy and don’t realize it.

Symptom: Windows boots into the BitLocker recovery screen asking for a 48-digit numerical recovery key.
Affects: Any Windows 11 or Windows 10 PC with BitLocker enabled on the system drive.
Fix time: ~2–10 minutes depending on which key location applies.

What causes this

When BitLocker is enabled (either automatically during Windows setup on a PC signed in with a Microsoft account, or manually), Windows offers four places to save the recovery key: your Microsoft account, an Azure Active Directory account, a USB drive, or a printed paper copy. Modern BitLocker also asks if you want to save to a file. On a PC attached to a Microsoft account, the default during the Windows out-of-box experience (OOBE) silently uploads the key to your Microsoft account without prompting, which is the most common “I never saved it” case.

The Key ID shown on the BitLocker recovery screen is the first 8 characters of the recovery key’s identifier, and you’ll use this to match the correct key in your account or list.

Method 1: Microsoft account recovery keys page

The most likely location. Works even if the PC came with BitLocker pre-enabled from the manufacturer.

  1. From a phone, tablet, or another PC, open a browser and go to account.microsoft.com/devices/recoverykey.
  2. Sign in with the Microsoft account associated with the locked PC.
  3. You’ll see a list of every device under that account that has BitLocker keys stored. Each entry shows device name, drive letter, Key ID, and the 48-digit recovery key.
  4. Match the Key ID shown on the BitLocker recovery screen of your locked PC with the Key ID in the list. Copy the recovery key.
  5. At the locked PC’s BitLocker recovery screen, type the recovery key (no dashes; Windows ignores them anyway). Press Enter.
  6. The PC boots into Windows normally.

If you have a Microsoft account but never signed in to the PC with it (you used a local account instead), the key won’t be in this list; try Methods 2–4.

Method 2: Work or school account (Azure AD)

If the PC was sold or provisioned by a company, school, or organization.

  1. Visit account.activedirectory.windowsazure.com/r/#/profile in a browser. Sign in with your work email address.
  2. Click Devices in the left sidebar.
  3. Find your device. Click View BitLocker Keys if the option is available.
  4. Copy the matching key. Enter it at the recovery prompt.
  5. If View BitLocker Keys is not visible, your IT admin has restricted self-service recovery — contact them with the Key ID shown on your screen and they can retrieve it from the Azure AD console (Azure portal → Devices → BitLocker keys).

For most corporate PCs the IT team escrows BitLocker keys in Intune or AD, and a short ticket gets you the key within an hour.

Method 3: USB drive, printed copy, or local file

If you set up BitLocker manually, you may have saved the key to other locations.

  1. Check any USB drive you used as a setup target — recovery keys are saved as a .txt file named BitLocker Recovery Key <ID>.txt.
  2. Search your other PCs (or cloud storage like OneDrive, Google Drive, iCloud Drive) for files named with that pattern. On Windows: dir /s /b "C:\" | findstr BitLocker from an elevated Command Prompt.
  3. Check Documents folder backups. The default file save path was historically Documents\BitLocker Recovery Key <ID>.txt.
  4. If you printed the key, retrieve the paper copy from wherever you keep important documents.
  5. If you used a password manager (1Password, Bitwarden, LastPass), search it for “BitLocker” — some users routinely save recovery keys there.

The saved file or printed copy contains the key exactly as it was generated. Type it at the recovery screen with or without dashes; Windows accepts both forms.
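The Key ID match and dash handling described above, as an added example that is not from the original page: it parses the text of saved recovery key files, returns the key whose identifier starts with the Key ID on the recovery screen, and flags mistyped groups. The file layout, the sample values, and the rule that each 6-digit group is a multiple of 11 below 720896 are assumptions not stated on the page.

```python
import re

# Assumptions (not from the page): a saved key file holds a GUID identifier and
# a key of 8 groups of 6 digits; each group is a multiple of 11 below 720896.
KEY_RE = re.compile(r"(?<!\d)\d{6}(?:-\d{6}){7}(?!\d)")
GUID_RE = re.compile(r"\b[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\b")

def normalize_key(typed):
    """Drop dashes and spaces; return 8 dash-joined groups, or None if not 48 digits."""
    digits = re.sub(r"[\s-]", "", typed)
    if not re.fullmatch(r"\d{48}", digits):
        return None
    return "-".join(digits[i:i + 6] for i in range(0, 48, 6))

def bad_groups(key):
    """Return 1-based positions of groups that fail the check (likely typos)."""
    return [n for n, g in enumerate(key.split("-"), 1)
            if int(g) % 11 or int(g) // 11 >= 65536]

def parse_key_file(text):
    """Return (identifier, recovery key) found in a key file's text, or None."""
    guid, key = GUID_RE.search(text), KEY_RE.search(text)
    if not (guid and key):
        return None
    return guid.group(0).upper(), key.group(0)

def find_key(file_texts, screen_key_id):
    """Return the well-formed key whose identifier starts with the on-screen Key ID."""
    wanted = screen_key_id.strip().upper()
    for text in file_texts:
        parsed = parse_key_file(text)
        if parsed and parsed[0].startswith(wanted) and not bad_groups(parsed[1]):
            return parsed[1]
    return None

# Constructed sample file contents; these are not real identifiers or keys.
SAMPLE_FILES = [
    "Identifier:\n\t9F8E7D6C-1111-2222-3333-444455556666\n"
    "Recovery Key:\n\t720885-013574-660066-550055-440044-330033-220022-110011\n",
    "Identifier:\n\t1A2B3C4D-AAAA-BBBB-CCCC-DDDDEEEEFFFF\n"
    "Recovery Key:\n\t110011-220022-330033-440044-550055-660066-013574-720885\n",
]

if __name__ == "__main__":
    print(find_key(SAMPLE_FILES, "1a2b3c4d"))  # key from the second sample file
    typed = normalize_key("110012 220022 330033 440044 550055 660066 013574 720885")
    print(bad_groups(typed))  # group 1 was mistyped
```

A non-empty result from `bad_groups` points to the group to re-read from the paper or file copy before typing the key at the recovery screen.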

How to verify the fix worked

  • The PC boots past the BitLocker recovery screen and into Windows normally.
  • Open Settings → Privacy & security → Device encryption (or Control Panel → BitLocker Drive Encryption) and confirm encryption status reads On.
  • If you suspect the recovery key may be triggered again soon (e.g., you just updated firmware), suspend BitLocker for one reboot via Manage BitLocker → Suspend protection, then resume after the reboot.

If none of these work

If you have absolutely no copy of the key in any of the four locations, the drive is unrecoverable without it — BitLocker uses AES-128 or AES-256 and offline brute force isn’t feasible. Three remaining options: (1) if this is a work PC and IT can’t find it either, the drive must be wiped; (2) if it’s a personal PC and you have backups of your data elsewhere, reinstall Windows from USB and skip the drive; (3) check whether you have an older Microsoft account email — many people have multiple Microsoft accounts (work, personal, gaming) and the key may be under a different email. Try every Microsoft account you’ve ever had at the recovery keys page. If all else fails, the encrypted data is permanently lost, and the only path forward is a fresh install with data restored from your separate backups.

Bottom line: Most BitLocker recovery keys are sitting in your Microsoft account waiting for you to retrieve them — check account.microsoft.com/devices/recoverykey before anything else.
