How to Back Up and Recover BitLocker Recovery Keys?

BitLocker is an excellent way to protect your storage media from unauthorized access. Whether moving a drive to another computer or dispatching your old drive, BitLocker encryption ensures that your data is safe from prying eyes.

But with all the good stuff, there’s a catch to having BitLocker enabled on your drives. In case you forget your BitLocker recovery key, you get locked out of your drive. So, it’s essential that you know how to back up and recover your BitLocker recovery keys.

If you’re looking to store and recover BitLocker recovery keys in Active Directory, check out the Store BitLocker Recovery Keys Using Active Directory post. Aside from that, this article will cover all other methods to back up and recover BitLocker keys.

How to Access the BitLocker Management Control Panel?

The control panel item called BitLocker Drive Encryption is the main console where you can manage BitLocker on your computer.

You can access BitLocker by opening the Control Panel and clicking on BitLocker Drive Encryption.

ADVERTISEMENT

windows bitlocker recovery key

You can also run this command in PowerShell, Command Prompt, or the Run dialog box.

control /name Microsoft.BitLockerDriveEncryption

windows bitlocker recovery

And you should see the list of fixed and removable drives and their BitLocker encryption status. As you can see below, there are two encrypted drives in this machine, C: (fixed) and E: (removable), and both are encrypted with BitLocker and BitLocker To Go, respectively.

Depending on which BitLocker drive recovery key you want to backup, click the Backup your recovery key link next to the drive.

bitlocker drive encryption recovery key

Backup to File

One quick way to back up and recover your BitLocker recovery keys is to a text file. But be mindful that you can’t save the backup to another encrypted drive.

After you click the Backup your recovery key link, you’ll see the below. Click the Save to a file button.

recovery bitlocker key

Next, choose the destination to save the recovery key file. Ensure that the destination is not on an encrypted drive, otherwise, the file will not be saved.

Notice that the filename already includes the BitLocker recovery key identifier. Leave the filename as it is for easy identification, especially if you have many recovery keys to back up. Click OK to save the file.

ADVERTISEMENT

recovery key bitlocker windows 10

Lastly, click Finish.

bitlocker get recovery key

And the BitLocker recovery key is now saved to a file in your non-BitLocker USB drive.

bit key recovery

Backup by Printing

Another option is to print your BitLocker recovery key. Printing does not only refer to paper but also to files. For example, Windows has a built-in PDF printer that lets you print to a PDF file instead of a physical printer with paper.

Click the Back up your recovery key link.

ADVERTISEMENT

find bitlocker recovery key

Next, choose Print the recovery key.

get bitlocker recovery key

When the print dialog shows up, select the printer you wish to use and click Print. In this example, I’m printing to a PDF file.

bitlocker drive encryption recovery key

Choose the location, specify the destination filename, and click Save.

azure active directory bitlocker recovery key

Finally, click Finish.

ADVERTISEMENT

bitlocker recovery code

You now have a printout or a document that looks like this:

enter bitlocker recovery key

Backup to Microsoft Account

If you’re logged in to Windows using your Microsoft account, you can save your BitLocker recovery to your cloud account. This way, you can access the BitLocker Key Microsoft account backup online.

Click the Back up your recovery key link next to the drive. On the window that pops up, click Save to your Microsoft account.

enter the recovery key for this drive

Wait for the backup to complete.

finding bitlocker recovery key in active directory

Click Finish after the backup is completed.

generate bitlocker recovery key

Repeat the same steps for your other BitLocker encrypted drives.

Recover Microsoft Account BitLocker Recovery Key

To retrieve your BitLocker key Microsoft account backup, log in to your Microsoft account at https://account.microsoft.com/devices/recoverykey.

preparing bitlocker recovery

After login, you’ll be directed straight to your list of BitLocker recovery keys.

OSV means the key is for the operating system drive, while RDV indicates a BitLocker USB drive or BitLocker external drive (BitLockerToGo).

find my bitlocker recovery key

Backup to Azure Active Directory

If you’re using a Windows computer that’s joined to Azure Active Directory, backing up your BitLocker recovery keys is just a few clicks away.

Backup Fixed or OS Drive Azure AD BitLocker Recovery Key

Note. This procedure applies only to operating system disks and fixed disks.

Like the previous methods, you can access BitLocker from the Control Panel and click the Back up your recovery key link next to an OS drive or fixed drive.

Click the Save to your Azure AD account button.

bitlocker recovery key

Wait while Windows saves your recovery to your Azure AD account.

azure bitlocker recovery key

Once the backup is finished, click Finish to close the window.

azure ad bitlocker recovery key

Backup Removable Drive Azure AD BitLocker Recovery Key

Storing BitLocker recovery keys to Azure AD is not as straightforward as with OS or fixed drives. This process requires you to use PowerShell.

Open PowerShell on your Windows computer and run the below commands. Make sure to change the $BitLockerDriveLetter value to the drive letter of your encrypted removable drive.

# Specify the removable drive letter encrypted with BitLockerToGo. 
$BitLockerDriveLetter = 'E:' 
# Get the BitLocker volume object 
$BitLockerVolume = Get-BitLockerVolume -MountPoint $BitLockerDriveLetter 
# Backup the Azure AD BitLocker Recovery Key 
BackupToAAD-BitLockerKeyProtector -MountPoint $BitLockerDriveLetter -KeyProtectorId $BitLockerVolume.KeyProtector[1].KeyProtectorId

recover bitlocker key from active directory

Recover Azure AD BitLocker Recovery Key

Now, log in to your Azure AD account profile page at https://account.activedirectory.windowsazure.com/r/#/profile.

get bitlocker recovery key from ad

Once on the Profile page, click the Get BitLocker keys link.

get my bitlocker recovery key

And you should now see your stored BitLocker recovery keys.

recovery for bitlocker

Conclusion

Locking your drives to protect their contents from unauthorized access is one of the best security decisions you can make. However, it is equally important to make sure you do not get yourself locked out, too.

That’s why make it a standard practice to back up your BitLocker recovery keys whenever and wherever applicable.

I enjoy technology and developing websites. Since 2012 I'm running a few of my own websites, and share useful content on gadgets, PC administration and website promotion.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.