Windows BitLocker Recovery Prompt on Managed Device

- Device boots to a BitLocker recovery screen and requests a recovery key. - Prompt appeared after firmware/BIOS update, docking change, or hardware event. - User cannot sign in to Windows.

- BitLocker integrity checks detected a platform/boot configuration change. - TPM-related state changed after update or hardware event. - Recovery key entry is required before normal startup can continue.

Document whether the issue affects one user, multiple users, or multiple devices. Confirm exact error messages, recent changes (password reset, update, network change), and whether the same issue reproduces in web vs desktop workflows where applicable.

Confirm the user is signed in with the correct corporate account, system time is accurate, network/VPN connectivity is stable, and the application is not running in offline or limited mode.

Use the command snippets below to collect non-destructive diagnostics. Capture output in the ticket when escalation may be required. Avoid deleting profiles, cached credentials, or managed app data unless the runbook or admin approval explicitly allows it.

- Verify device ownership and user identity using approved help desk procedures. - Collect the BitLocker recovery key ID shown on the prompt for lookup by authorized staff. - Use approved key recovery sources and security process; do not attempt to bypass encryption controls. - Document the trigger event (update, dock, hardware change) after the device is recovered.