PostMend
PostMend blog

How to find your BitLocker recovery key

Staring at a blue screen asking for a 48-digit recovery key? Don't panic. Here is every place that key could be saved, in order of most to least likely.

← Back to all articles
Abdullah Arif22 May 20266 min read

That blue BitLocker recovery screen can look alarming, especially when you need your laptop urgently. The good news: seeing it almost never means your data is gone. It just means Windows wants to verify you are the rightful owner before handing over the drive. The key almost certainly exists somewhere — you just need to track it down.

The first thing to look at is the key identifier shown on the recovery screen — a short eight-character code like A1B2C3D4. This is not the recovery key itself; it is just a reference that tells you which 48-digit key to enter. When you find your key (in your Microsoft account or wherever it was saved), match that eight-character ID to make sure you grab the right one — particularly useful if the same account has keys for more than one device.

1. Your Microsoft account (most likely)

On modern Windows 10 and 11 machines, BitLocker is often switched on automatically when you first sign in with a Microsoft account — and when that happens, the recovery key is silently backed up to your account. Most home users find their key here. You will need a second device: a phone, a tablet, another computer, anything with a browser.

  1. Go to the Microsoft recovery key page

    On your second device, open a browser and go to https://account.microsoft.com/devices/recoverykey. The short alias aka.ms/myrecoverykey also works and takes you to the same place.

  2. Sign in with the correct account

    Use the Microsoft account that was set up on the locked laptop — not a different one. If you are unsure which email address it was, think back to when you first set the machine up. On Windows 11 24H2 and later, the recovery screen itself shows a hint of the linked email address.

  3. Find your device and match the key ID

    Once signed in, you will see a list of devices tied to the account. Find the entry whose Key ID matches the eight-character code shown on your BitLocker screen. The 48-digit recovery key sits alongside it — copy it carefully, then enter it on the locked laptop.
The recovery key page shows each saved key next to its Key ID — match that to what the BitLocker screen is showing you.

2. A work or school account

If the laptop belongs to an employer, college, or university and was set up with a work or school account, BitLocker is typically managed by the IT department through Microsoft Entra ID (formerly Azure Active Directory) or Intune. The key will be held by the organisation, not in your personal Microsoft account.

Your quickest route is to contact the IT helpdesk — they can pull the key from the Entra portal in seconds. If your organisation allows self-service, you may also be able to retrieve it yourself by visiting myaccount.microsoft.com and signing in with your work credentials, then navigating to Devices and looking for BitLocker keys. Whether self-service is enabled depends on your IT policy, so the helpdesk is usually the safer bet.

3. A printout or a saved file

When BitLocker is first switched on, Windows offers several ways to back up the key — including printing it or saving it as a text file. A lot of people do this and then promptly forget they did. Worth a proper search before giving up.

  • Check your Documents folder and Desktop on any other computer you own — the saved file is usually called something like BitLocker Recovery Key XXXXXXXX.txt.
  • Look through old emails — you may have emailed the key to yourself, or received it from IT when the machine was first provisioned.
  • Check your password manager if you use one. Some people store the key there alongside other credentials.
  • Have a look through any physical paperwork from when the laptop was issued — some organisations print the key and hand it over with the device.

4. A USB flash drive

Windows also offers to save the recovery key directly to a USB stick during BitLocker setup. If you remember doing this — or if someone set the laptop up for you — dig out your USB drives and plug them into another computer. The key file will be at the root of the drive, named the same way as above. It is worth checking any flash drive you own, even ones you have not touched in a while.

5. Active Directory (business PCs on a domain)

Older corporate environments that use on-premises Active Directory (as opposed to cloud-based Entra ID) can also store BitLocker recovery keys centrally. If your machine was joined to a company domain, your IT or systems administrator will be able to look up the key in Active Directory Users and Computers or via PowerShell. Again, the helpdesk is your first call — they will have the access they need.

If the key truly cannot be found

There is no way around this, and it is worth being clear: if the recovery key is genuinely lost — not saved to any Microsoft account, not held by your IT department, not printed, not on a USB drive — then the encrypted data on that drive cannot be recovered. Not by Microsoft, not by Dell, not by any repair shop. That is precisely what encryption is designed to do: make the data unreadable to anyone without the key. It is a hard truth, but better to know it now than after spending money chasing a dead end.

If you would like to understand more about what BitLocker is and why Windows uses it, our BitLocker explainer covers the basics without the jargon. And if your laptop is in for repair with us, we always confirm a customer has their recovery key to hand before we touch the drive — it is just part of how we work. If you have any concerns before sending your machine in, feel free to get in touch.

Need a hand with your Dell?

We diagnose every laptop free. Post it in and we'll take a look.

Get in touch
← All articles