A user reported encountering a Bitlocker screen stating "You're locked out!" while being prompted to enter a recovery key. They mentioned this was the first time they'd seen such a message. After attempting to regain access by entering the first 8 characters of the key, they received no success. The screen highlights that the device was locked due to incorrectly entered sign-in info and suggests finding the recovery password or resetting the PC. Additionally, they clarified that this device is joined to the domain and questioned whether a lockout from multiple failed password attempts should trigger a domain account lockout instead of locking the device itself. The user is also concerned about the nature of the prompt, fearing potential malware, especially since it's not behaving like a full-screen Bitlocker recovery scenario. They've reached out to the security team to investigate potential policies affecting this device and will provide updates.
5 Answers
The Bitlocker screen seems legit if you're using Intune-managed devices. If there have been several failed login attempts, the machine might lock you out requiring that recovery key. Check out this knowledge base article for reference: [Click here](https://utsgdev.service-now.com/infocomm?id=kb_article_view&sysparm_article=KB0012213).
Yup, we experience this often during repairs too.
Can you share a screenshot of that screen? I don't recall seeing a 'you're locked out' message before. Maybe it could help others identify the issue!
Here’s the screenshot: [link to image]. Got a bit tricky to add it to the post!
I gotta say, that screenshot doesn't look quite right to me. It should only say Bitlocker or Bitlocker Recovery at the top. I mean, I’ve never seen a Bitlocker message about wrong passwords, so that's strange!
Exactly! Though, as someone pointed out, sometimes Microsoft's messages can be a bit sketchy.
Right? Good catch! It’s odd that it mentions entering the wrong password too many times."
This might relate to the TPM anti-hammering protection at play here. It's common for Bitlocker to prompt for the recovery key after multiple incorrect PIN entries. You can also find other examples online regarding similar Bitlocker issues.
It sounds like the user could've entered the Bitlocker PIN wrong several times. This can vary by tenant—but checking for usernames and password integrity is vital. If you look in the entra portal, you can find the recovery key or check the device list in myaccount.Microsoft.com.
Totally agree! Those university IT articles really save the day sometimes.