Microsoft has confirmed that the April 2026 security update for Windows 11, KB5083769, released on April 14, is causing some devices to boot directly into the BitLocker recovery screen instead of the desktop. Affected users need to enter their BitLocker recovery key before the system can start normally.
Microsoft says this is a one-time issue and that future restarts should proceed normally once the key is entered. The problem appears to affect only devices with a specific combination of BitLocker and Secure Boot settings, and most users installing the update are not affected.
What Triggers the Issue
The BitLocker recovery prompt appears on a device when several conditions are met:
- BitLocker is enabled on the operating system drive.
- The Group Policy setting for configuring the TPM platform validation profile includes PCR7 in the validation profile.
- System Information shows “Secure Boot State PCR7 Binding” as “Not Possible.”
- The UEFI CA 2023 certificate is present in the Secure Boot Signature Database.
- The device is not already running the 2023-signed Windows Boot Manager.
Microsoft considers this an “unrecommended” BitLocker configuration that can trigger this behavior.
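For administrators who want to triage devices before deploying the update, the following PowerShell sketch checks the three conditions above that can be read from the command line. It is an added example, not Microsoft's or the article's own script. The registry location of the policy (one DWORD value per PCR index under the FVE policy key) and the certificate string "Windows UEFI CA 2023" are assumptions labelled in the comments. The PCR7 binding state and the boot manager signature still need to be confirmed by hand.

```powershell
# Added example: pre-install triage for the KB5083769 BitLocker recovery trigger.
# Run from an elevated PowerShell session on a UEFI device.

# Condition 1: BitLocker protection is on for the operating system drive.
$vol = Get-BitLockerVolume -MountPoint $env:SystemDrive
$bitLockerOn = $vol.ProtectionStatus -eq 'On'

# Condition 2: the Group Policy validation profile includes PCR7.
# Assumption: the "Configure TPM platform validation profile for native UEFI
# firmware configurations" policy is stored under this key, with an "Enabled"
# value and one DWORD value named after each selected PCR index.
$polKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_UEFI'
$pol = Get-ItemProperty -Path $polKey -ErrorAction SilentlyContinue
$policyHasPcr7 = ($null -ne $pol) -and ($pol.Enabled -eq 1) -and ($pol.'7' -eq 1)

# Condition 3: the UEFI CA 2023 certificate is in the Secure Boot signature database.
# Assumption: the certificate subject contains the string "Windows UEFI CA 2023".
$dbHas2023 = $false
try {
    $db = Get-SecureBootUEFI -Name db
    $dbText = [System.Text.Encoding]::ASCII.GetString($db.Bytes)
    $dbHas2023 = $dbText -match 'Windows UEFI CA 2023'
} catch {
    Write-Warning "Could not read the Secure Boot db: $($_.Exception.Message)"
}

# All three true means the device is a candidate for the recovery prompt.
$candidate = $bitLockerOn -and $policyHasPcr7 -and $dbHas2023

[pscustomobject]@{
    Computer           = $env:COMPUTERNAME
    BitLockerOnOsDrive = $bitLockerOn
    PolicyIncludesPcr7 = $policyHasPcr7
    UefiCa2023InDb     = $dbHas2023
    CheckManually      = $candidate
}

if ($candidate) {
    # Remaining conditions are not read here: confirm them on the device.
    Write-Output 'Check System Information for "Secure Boot State PCR7 Binding" and confirm which Windows Boot Manager is in use.'
}
```

A device reporting CheckManually as True is worth inspecting before the update is approved; False on any of the three checks means the device does not match the combination described above.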
How to Recover if Your PC Boots to BitLocker Recovery
Users already at the BitLocker recovery screen need their recovery key to continue. They can find the key in their Microsoft account on a separate device by matching the PC name and Key ID shown on the recovery screen.
Once the key is entered and the user clicks “continue”, the system will boot to the desktop and will not ask for the key again on subsequent restarts.
How to Prevent It Before Installing KB5083769
Users who haven’t yet installed KB5083769 and want to avoid the recovery prompt can proactively reset the Group Policy configuration. To do this, open the Group Policy Editor by searching for ‘gpedit’ in the Start menu.
Then, navigate to Computer Configuration, Administrative Templates, Windows Components, BitLocker Drive Encryption, Operating System Drives.
Right-click on “Configure TPM platform validation profile for native UEFI firmware configurations” and select Edit.
Change the setting to Not configured, then click Apply and OK. Next, open Command Prompt as an administrator and run the necessary commands:
manage-bde -protectors -enable C:
This process rebinds BitLocker to the default PCR profile and prevents the recovery screen from appearing after the update is installed.
Commercial users who cannot modify Group Policy settings can contact Microsoft for a Known Issue Rollback update, which can undo the faulty configuration.
The post Windows 11 April 2026 Update KB5083769 Is Triggering BitLocker Recovery Screens on Some PCs appeared first on gHacks.
