“This update broke BitLocker for me” — Windows 11’s April patch is locking out PCs, but here’s the fix that works
A faulty BitLocker configuration is forcing some PCs into BitLocker recovery mode after the April 2026 update, but there's a workaround to resolve this issue.
On April 14, 2026, Microsoft began rolling out the April 2026 Security Update (KB5083769) for Windows 11, introducing several visual changes, improvements, and fixes. However, as with previous updates, some users are running into issues after installation.
Microsoft has confirmed a specific BitLocker-related problem that can cause affected devices to boot directly into the BitLocker recovery screen, preventing access to the desktop.
According to the company, this behavior is triggered by an “unrecommended” BitLocker configuration. As a result, some devices are being prompted to enter the BitLocker recovery key on the first restart after installing the update.
The issue only affects a small number of systems with a specific configuration. For example, BitLocker must be enabled on the operating system drive, and the "Configure TPM platform validation profile for native UEFI firmware configurations" policy must be configured with PCR7 included in the validation profile.
In addition, System Information must report “Secure Boot State PCR7 Binding” as “Not Possible,” the UEFI CA 2023 certificate must be present in the Secure Boot Signature Database (DB), and the device must not already be running the 2023-signed Windows Boot Manager.
Microsoft notes that this is not a widespread issue, and most devices are not affected. In addition, this is a one-time recovery event. After entering the BitLocker recovery key, future restarts should boot normally into Windows 11.
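Three of the conditions above can be read from an elevated PowerShell session before the update is installed. The following read-only audit is an added example, not code from Microsoft or from this article. The policy registry path and its value names are assumptions about how the Group Policy setting is stored, and the PCR7 binding state and boot manager signature are not checked by the script.

```powershell
#Requires -RunAsAdministrator
# Added example: read-only audit, makes no changes to BitLocker or policy.
$osDrive = $env:SystemDrive

# Condition: BitLocker is enabled on the operating system drive.
$vol = Get-BitLockerVolume -MountPoint $osDrive
$bitLockerOn = $vol.ProtectionStatus -eq 'On'

# Condition: the TPM platform validation profile policy (native UEFI) is
# configured and includes PCR7.
# ASSUMPTION: the policy is stored under this key with an "Enabled" value and
# one value per PCR index ("7" = 1 when PCR7 is ticked). Confirm in gpedit.
$polKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_UEFI'
$pol = Get-ItemProperty -Path $polKey -ErrorAction SilentlyContinue
$policyPcr7 = [bool]($pol -and $pol.Enabled -eq 1 -and $pol.'7' -eq 1)

# Condition: the UEFI CA 2023 certificate is present in the Secure Boot DB.
# Simple string match on the certificate name inside the raw db variable.
try {
    $dbBytes = (Get-SecureBootUEFI -Name db -ErrorAction Stop).Bytes
    $ca2023 = [Text.Encoding]::ASCII.GetString($dbBytes) -match 'Windows UEFI CA 2023'
} catch {
    $ca2023 = $null   # Secure Boot variables not readable on this device
}

# Recovery password protector IDs, to match against the "Key ID" shown on the
# recovery screen. The recovery password itself is deliberately not printed.
$recoveryIds = $vol.KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword' |
    ForEach-Object KeyProtectorId

[pscustomobject]@{
    OsDrive               = $osDrive
    BitLockerProtectionOn = $bitLockerOn
    PolicyIncludesPcr7    = $policyPcr7
    UefiCa2023InDb        = $ca2023
    RecoveryKeyIds        = $recoveryIds -join ', '
    # Not checked here: "Secure Boot State PCR7 Binding" (read it in System
    # Information) and whether the 2023-signed Windows Boot Manager is in use.
    NeedsManualCheck      = 'PCR7 binding state; boot manager signature'
} | Format-List
```

If the three readable conditions all come back True, check the two manual items and confirm that the recovery key for the listed ID is retrievable before installing the update.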
In this how-to guide, I'll outline the different ways to recover from the BitLocker issue before or after installing the latest quality update on Windows 11.
How to fix the BitLocker recovery key at boot issue on Windows 11
To prevent or resolve the current encryption issue with the April 2026 Security Update on Windows 11, you must undo the Group Policy configuration or enter the recovery key when prompted.
If you're a commercial customer, you can contact Microsoft to obtain the Known Issue Rollback (KIR) update to undo the faulty configuration if you cannot use Group Policy.
Confirm BitLocker recovery key after update
To find the BitLocker recovery key for your device, use these steps:
- Open your Microsoft account online on a different device.
- Confirm the PC name and "Key ID" to find the correct BitLocker recovery key.
- Type the key in the BitLocker recovery key screen.
- Click the Continue button.
Once you complete the steps, the computer will boot straight to the desktop, and future reboots won't require the recovery key.
Undo Group Policy configuration before update
To undo the unrecommended Group Policy configuration from your PC, use these steps:
- Open Start.
- Search for gpedit and click the top result to open Group Policy Editor.
- Open the following path: Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives
- Right-click the "Configure TPM platform validation profile for native UEFI firmware configurations" policy and choose the Edit option.
- Select the Not configured option.
- Click the Apply button.
- Click the OK button.
- Open Start.
- Search for Command Prompt, right-click the top result, and choose the Run as administrator option.
- Type this command to force the new configuration and press Enter: gpupdate /force
- Type this command to suspend BitLocker protection on the system drive and press Enter: manage-bde -protectors -disable C:
- Type this command to resume BitLocker protection after the policy update and press Enter: manage-bde -protectors -enable C:
After you complete the steps, the system will rebind BitLocker to use the default PCR profile in the operating system, and you won't see the recovery screen upon restart after installing the update.
Have you encountered this specific problem after installing the April 2026 Security Update? Let me know in the comments.
FAQs about resetting BitLocker config
These are common questions regarding resetting the unrecommended BitLocker configuration on Windows 11.
Why is Windows 11 asking for a BitLocker recovery key after the April 2026 update?
Windows 11 may request a BitLocker recovery key after the April 2026 update due to a misconfigured TPM validation policy. This setup changes how the system verifies boot integrity, triggering a recovery prompt on first restart.
Is the BitLocker recovery screen after the KB5083769 update a widespread issue?
No, the BitLocker recovery issue is not widespread. Microsoft confirms it affects a limited number of devices with a specific configuration involving BitLocker, PCR7, and Secure Boot settings. Most users installing the April 2026 update will not encounter this problem.
How do I fix the BitLocker recovery key loop on Windows 11?
To fix the BitLocker recovery prompt, enter your recovery key once to regain access after the update. Or reset the TPM validation policy to “Not configured” using Group Policy and re-enable BitLocker before updating.

Mauro Huculak has been a Windows How-To Expert contributor for WindowsCentral.com for nearly a decade and has over 22 years of combined experience in IT and technical writing. He holds various professional certifications from Microsoft, Cisco, VMware, and CompTIA and has been recognized as a Microsoft MVP for many years.
