
Microsoft gave the FBI the recovery keys needed to unlock encrypted data on the hard drives of three laptops as part of a federal investigation, according to Forbes.
Many modern Windows computers rely on full-disk encryption, called BitLocker, which is enabled by default. This type of technology should prevent anyone except the device owner from accessing the data if the computer is locked and powered off.
A BitLocker recovery key is a unique 48-digit numerical password used to unlock a Windows-encrypted drive when BitLocker cannot verify authorized access, such as during hardware changes, BIOS updates, or forgotten PINs. It acts as a fail-safe to prevent permanent data loss. It is commonly stored in a Microsoft Account or IT-managed account.
Usage Examples and Scenarios
- External Drives: When a BitLocker-encrypted USB drive or external hard drive is moved to another computer and refuses to unlock with the usual password.
- System Changes: When BIOS settings are modified or hardware components (like motherboard or RAM) are replaced.
- Forgot Credentials: When the user forgets their login password or PIN for the encrypted drive.
- Security Risks: When TPM (Trusted Platform Module) detects a potential security breach, such as too many failed password attempts, and locks the drive.
Where to Find Your Key
- Microsoft Account: account.microsoft.com/devices/recoverykey.
- Active Directory/Entra ID: For corporate devices managed by IT.
- Printed/File: A file or printout saved during initial setup.
- USB Drive: A text file stored on a separate USB device.
Important Notes
- Microsoft Support cannot retrieve or recreate a lost key.
- If the key is lost and cannot be found, the data on the drive will be permanently inaccessible.
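A recovery key saved in a text file or pasted into a ticket unlocks the drive for anyone who finds it, so it is worth being able to spot stray copies. The following is an added example, not part of the original article and not Microsoft's code: a Python scanner that finds 48-digit recovery passwords in text and checks their structure (eight 6-digit groups, each a multiple of 11 that encodes a 16-bit value) to tell real keys from lookalike numbers. The function names and the sample text are constructed for illustration.

```python
import re

# Shape only: eight hyphen-separated groups of six ASCII digits (48 digits).
CANDIDATE = re.compile(r"(?<![0-9-])[0-9]{6}(?:-[0-9]{6}){7}(?![0-9-])")


def decode_recovery_password(candidate):
    """Return the eight 16-bit values a recovery password encodes, else None."""
    if not CANDIDATE.fullmatch(candidate):
        return None
    values = []
    for group in candidate.split("-"):
        value, remainder = divmod(int(group), 11)
        # Each group must be a multiple of 11 whose quotient fits in 16 bits.
        if remainder != 0 or value > 0xFFFF:
            return None
        values.append(value)
    return tuple(values)


def redact(candidate):
    """Keep the first group for triage and mask the other seven."""
    return candidate[:6] + "-******" * 7


def find_recovery_passwords(text):
    """Return (line_number, redacted_key) for every structurally valid key."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in CANDIDATE.finditer(line):
            if decode_recovery_password(match.group()) is not None:
                hits.append((lineno, redact(match.group())))
    return hits


# Constructed sample: line 2 holds a made-up but well-formed key, line 3 a
# same-shaped number whose groups are not multiples of 11.
SAMPLE = """\
Ticket: user locked out after firmware update
Recovery key: 135795-597531-000011-720885-440000-024442-344707-010989
Order ref: 123456-123456-123456-123456-123456-123456-123456-123456
"""

if __name__ == "__main__":
    for lineno, key in find_recovery_passwords(SAMPLE):
        print(f"line {lineno}: possible BitLocker recovery key {key}")
```

The structural check is what keeps order numbers and other long digit strings from being reported, and the redaction keeps the scanner's own output from becoming another copy of the key.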
However, by default, BitLocker recovery keys are uploaded to Microsoft’s cloud, allowing the tech giant — and by extension law enforcement — to access them and use them to decrypt drives encrypted with BitLocker.
Microsoft told Forbes that the company sometimes provides BitLocker recovery keys to authorities, having received an average of 20 such requests per year. The case involved several people suspected of fraud related to the Pandemic Unemployment Assistance program in Guam, a U.S. island in the Pacific.
Local news outlet Pacific Daily News covered the case last year, reporting that a warrant had been served to Microsoft in relation to the suspects’ hard drives. Kandit News, another local Guam news outlet, also reported in October that the FBI requested the warrant six months after seizing the three laptops encrypted with BitLocker.
Beyond the privacy risks of handing recovery keys to a company, Johns Hopkins professor and cryptography expert Matthew Green raised the potential scenario where malicious hackers compromise Microsoft’s cloud infrastructure (something that has happened several times in recent years) and get access to these recovery keys. The hackers would still need physical access to the hard drives to use the stolen recovery keys.
“It’s 2026 and these concerns have been known for years,” Green wrote in a post on Bluesky. “Microsoft’s inability to secure critical customer keys is starting to make it an outlier from the rest of the industry.”




