Microsoft confirms it will give the FBI your Windows PC data encryption key if asked — you can thank Windows 11's forced online accounts for that

Microsoft has confirmed in a statement to Forbes that the company will provide the FBI access to BitLocker encryption keys if a valid legal order is requested. These keys enable the ability to decrypt and access the data on a computer running Windows, giving law enforcement the ability to break into a device to access its data.

The news comes as Forbes reports that Microsoft gave the FBI the BitLocker encryption keys to access a device in Guam that law enforcement believed to have "evidence that would help prove individuals handling the island’s Covid unemployment assistance program were part of a plot to steal funds" in early 2025.

This was possible because the device in question had its BitLocker encryption key saved in the cloud. By default, Windows 11 forces the use of a Microsoft Account, and the OS will automatically tie your BitLocker encryption key to your online account so that users can easily recover their data in scenarios where they might get locked out. This can be disabled, but the default behavior is to store the key in Microsoft's cloud when setting up a PC with a Microsoft Account.

"While key recovery offers convenience, it also carries a risk of unwanted access, so Microsoft believes customers are in the best position to decide... how to manage their keys,” Microsoft spokesperson Charles Chamberlayne said in a statement to Forbes.

• Check if your PCs BitLocker encryption key is stored in Microsoft's cloud

Microsoft told Forbes that it receives around 20 requests for BitLocker encryption keys from the FBI a year, but the majority of requests are unable to be met because the encryption key was never uploaded to the company's cloud.

This is notable as other tech companies, such as Apple, have famously refused to provide law enforcement with access to data stored on their products. Apple has openly fought against the FBI in the past when it was asked to provide a backdoor into an iPhone. Other tech giants, such as Meta, will store encryption keys in the cloud, but will encrypt the keys server-side so that only the user can access them.

It's frankly shocking that the encryption keys that do get uploaded to Microsoft aren't encrypted on the cloud side, too. That would prevent Microsoft from seeing the keys, but it seems that, as things currently stand, those keys are available in an unencrypted state, and it is a privacy nightmare for customers.

To see Microsoft so willingly hand over the keys to encrypted Windows PCs is concerning, and should make everybody using a modern Windows computer think twice before backing up their keys to the cloud. You can see which PCs have their BitLocker keys stored on Microsoft's servers on the Microsoft Account website here, which will let you delete them if present.

Follow Windows Central on Google News to keep our latest news, insights, and features at the top of your feeds!