I deleted the recovery key yesterday; how do I restore it? The user can supply the recovery password. If a PC is unable to boot after two failures, Startup Repair will automatically start. There is no specific hint for keys saved to an on-premises Active Directory. I ran an HP update on my new (HP) laptop today (that we've had for 6 months), and now a screen appeared asking for my BitLocker Recovery Key. manage-bde -ComputerName -forcerecovery . A domain administrator can recover the password from Active Directory Domain Services if that is where the password was stored. See: In some cases, users might have the recovery password in a printout or a USB flash drive and can perform self-recovery. Might the user have encountered malicious software or left the computer unattended since the last successful startup? If recovery was caused by a boot file change, was the change an intended user action (for example, BIOS upgrade), or was it caused by malicious software? Can I save multiple (different) startup keys on … See: Determine a series of steps for post-recovery, including analyzing why the recovery occurred and resetting the recovery password. Get BitLocker Recovery Key via Backing up. In this case, a custom message (if configured) or a generic message, "Contact your organization's help desk," will be displayed. BitLocker can only be suspended from within Windows. The only way to gain access to the system is by reinstalling the operating system, wiping out any data currently on the drive. Before you give the user the recovery password, you should gather any information that will help determine why the recovery was needed, in order to analyze the root cause during the post-recovery analysis. Using a different keyboard that does not correctly enter the PIN or whose keyboard map does not match the keyboard map assumed by the pre-boot environment. When you set up or activate BitLocker, you have several options as to how you may store the key.
And I don't know why, on the latest Insider version of Windows, I can't start Windows. To manage a remote computer, you can specify the remote computer name rather than the local computer name. Since you have deleted your recovery key and don't have a backup copy of it, your last option will be resetting your computer to its default factory settings. If you cannot determine the root cause, or if malicious software or a rootkit might have infected the computer, Helpdesk should apply best-practice virus policies to react appropriately. If multiple recovery passwords are stored under a computer object in AD DS, the name of the BitLocker recovery information object includes the date that the password was created. Step 1: Open Command Prompt in Windows 10 with or without login. BUT I deleted it when I reinstalled Windows 10, because I thought it was an old recovery key in the Microsoft account, so I DELETED it. You must use the BitLocker Repair tool repair-bde to use the BitLocker key package. On devices with TPM 1.2, changing the BIOS or firmware boot device order causes BitLocker recovery. Log on as an administrator to the computer that has the lost startup key. So if a portable computer is connected to its docking station when BitLocker is turned on, then it might also need to be connected to the docking station when it is unlocked. To run the sample key package retrieval script: Save the following sample script in a VBScript file. Drive C. In order to access other drives, it looks like it has created multiple other BitLocker recovery keys, and these are not visible in the Microsoft portal account. A data recovery agent can use their credentials to unlock the drive. Select the Do not enable BitLocker until recovery information is stored in AD The Recovery Key is stored in Azure AD when joining a device to Azure AD and by activating BitLocker. This section describes how this additional information can be used.
Using a BIOS hot key during the boot process to change the boot order to something other than the hard drive. For example: GetBitLockerKeyPackageADDS.vbs. Was “playing” on my Surface Pro and toggled BitLocker on. Search for a copy on a USB drive. Save or print the recovery key and let the wizard start the encryption. I am sorry, I have recovery key to save in my Microsoft account. Go to the BitLocker window and open Backup your recovery key. If the PC is a member of a domain, the recovery password can be backed up to AD DS. Way 1: Get BitLocker recovery key via Command Prompt after Forgot. We have highly technical users and IT professionals there that can address your concern. Result: The hint for the most recent key is displayed. Because Computer object names are listed in the AD DS global catalog, you should be able to locate the object even if you have a multi-domain forest. Changes to the master boot record on the disk. For instance, if you determine that an attacker has modified your computer by obtaining physical access, you can create new security policies for tracking who has physical presence. To run the sample recovery password script: Save the following sample script in a VBScript file. If the PCs are part of a workgroup, users should be advised to save their BitLocker recovery password with their Microsoft Account online. For more information, see BitLocker Troubleshooting: Continuous reboot loop with BitLocker recovery on a slate device. If software maintenance requires the computer to be restarted and you are using two-factor authentication, you can enable BitLocker Network Unlock to provide the secondary authentication factor when the computers do not have an on-premises user to provide the additional authentication method. Some BIOS or UEFI settings can be used to prevent the enumeration of the TPM to the operating system.
At the command prompt, type the following command and then press ENTER: To prevent continued recovery due to a lost startup key. Verify that your recovery key is properly saved by going to this link and logging into your Microsoft account. Once you have saved the recovery key, disable BitLocker encryption. Except for the correct password, the recovery key is the only way to unlock your BitLocker drive. In each of these policies, select Save BitLocker recovery information to Active Directory Domain Services and then choose which BitLocker recovery information to store in Active Directory Domain Services (AD DS). You would need the BitLocker key to get past it, the hard drive is encrypted, I'm sorry, there is no other way around it. For example, including PCR[1] would result in BitLocker measuring most changes to BIOS settings, causing BitLocker to enter recovery mode even when non-boot critical BIOS settings change. Because suspending BitLocker leaves the drive fully encrypted, the administrator can quickly resume BitLocker protection after the planned task has been completed. It is a 48-digit numerical password that is unique to your computer. Using suspend and resume also reseals the encryption key without requiring the entry of the recovery key. Click on the Backup your recovery key link. This problem can prevent the entry of enhanced PINs. A key may be saved to your Microsoft account (search BitLocker Recovery Keys to retrieve the key). A key may be saved to your Azure Active Directory account (for business PCs where you sign in with an Azure Active Directory account, to get your recovery key, see the device info for your Microsoft Azure account). When was the user last able to start the computer successfully, and what might have happened to the computer since then? Having the CD or DVD drive before the hard drive in the BIOS boot order and then inserting or removing a CD or DVD.
While an administrator can remotely investigate the cause of recovery in some cases, the end user might need to bring the computer that contains the recovered drive on site to analyze the root cause further. To find the recovery key, the details are available for registered devices in the Azure AD Management Portal. Reset your PC section in this If suspended, BitLocker will automatically resume protection when the PC is rebooted, unless a reboot count is specified using the manage-bde command line tool. When you use a Microsoft Surface 2 device, you are prompted to enter your BitLocker recovery key after you turn on or restart the device or you resume the device from the sleep state. I don't know which department could help me to get the BitLocker recovery key in Microsoft Account? Have you tried following the steps provided in the article? If you notice that a computer is having repeated recovery password unlocks, you might want to have an administrator perform post-recovery analysis to determine the root cause of the recovery and refresh BitLocker platform validation so that the user no longer needs to enter a recovery password each time that the computer starts up. This action prevents the computer from going into recovery mode. If self-recovery includes using a password or recovery key stored on a USB flash drive, the users should be warned not to store the USB flash drive in the same place as the PC, especially during travel. For example, if both the PC and the recovery items are in the same bag, then it's easy for an unauthorized user to access the PC. When Startup Repair is launched automatically due to boot failures, it will only execute operating system and driver file repairs, provided that the boot logs or any available crash dump point to a specific corrupted file. You can perform a BitLocker validation profile reset by suspending and resuming BitLocker. But they asked me to come here to raise the issue.