How to Recover your BitLocker Key

What is BitLocker? BitLocker is Microsoft’s encryption program for Windows and provides devices with an added layer of security. It is used to encrypt hard drives to help protect a user’s data from unauthorized access or changes. All IST managed devices (aka machines) are encrypted before they are provided to users however BitLocker encryption is optional for personal devices.

How does BitLocker work? In the background, BitLocker checks the computer during startup for any conditions that could represent a security risk (for example, a change to the BIOS or changes to any startup files). If a potential security risk is detected, BitLocker will lock the operating system drive and require a special BitLocker recovery key to unlock it. The unlocking of BitLocker will allow the device to become usable again

BitLocker recovery keys are self-serve (see instructions below for SCCM or Intune) or users can contact the IST Service Desk.

If a potential security risk is detected, BitLocker will lock the operating system drive and require a special BitLocker recovery key to unlock it. If you have access to another computer or mobile device, you can obtain the recovery key yourself. If not, please contact the IST Service Desk.

SCCM managed computers - From an unlocked computer or mobile device:

1. In a web browser, navigate to https://spartacus.nexus.uwaterloo.ca/selfservice/. Note that this requires a VPN connection if you are not connected to the campus network. (Please see https://uwaterloo.atlassian.net/wiki/spaces/ISTKB/pages/262012980 for more information about VPN. )

2. Log on with your UWaterloo credentials (your 8-character UWaterloo username and password)

3. After reading the Security Notice, click the checkbox beside ‘I have read and understand the above notice‘

4. Select Continue

5. Enter the first 8 characters of the 32-digit code into the Recovery Key ID field. (This code should be displayed on the BitLocker recovery screen on your locked computer.)

6. Select the Reason for needing to recover the key

7. Select Get Key

8. You should receive a 48-digit Bitlocker Recovery Key

9. Enter this key into the Recovery Key field on the locked computer

Intune managed computers - From an unlocked computer or mobile device:

1. User Self-Service Recovery (Preferred Method)

Recover via Microsoft Account or Entra ID

1. On another device, go to:
   🔗 My Account

2. Sign in with the same work or school account used on the encrypted device.

3. Select the device name in the list.

4. Click View BitLocker keys — this displays the recovery key ID and the 48-digit recovery key.

💡 Tip: Users should match the Key ID shown on the BitLocker recovery screen with the one shown online to ensure they select the correct key.

2. IT Admin Recovery (If user cannot access their key)

Admins can retrieve the BitLocker recovery key via:

🔹 Microsoft Intune admin center:

1. Go to Intune admin center → Devices → All devices.

2. Select the affected device.

3. Under Monitor, select Recovery keys.

4. The BitLocker recovery key will be displayed (if backup succeeded).

🔹 Microsoft Entra admin center:

1. Go to Entra admin center → Devices → All devices.

2. Select the device → BitLocker keys → view or copy the recovery key.

🔸 You must have at least Cloud Device Administrator or Helpdesk Administrator permissions to view BitLocker keys in Entra.

3. During Recovery on the Device

When prompted for the recovery key on the locked system:

• Type or paste the 48-digit numeric recovery key into the recovery screen.

• Once verified, Windows will unlock the drive and continue booting.

Related articles