I have device encryption on my laptop, but I'm not sure whether I ever set up a recovery key—it might have been years ago. I looked through my Microsoft Account, but I didn't save it there. My drives don't show the lock icon typical of BitLocker. When I run the manage-bde-status command, I get the following results:
Size: 197.05 GB
BitLocker Version: 2.0
Conversion Status: Used Space Only Encrypted
Percentage Encrypted: 100.0%
Encryption Method: XTS-AES 128
Protection Status: Protection Off
Lock Status: Unlocked
Identification Field: Unknown
Key Protectors: None Found
I also checked the BitLocker API logs, which show a manual trigger status and several event IDs. I'm confused about whether BitLocker is actually enabled or not. What steps should I take to keep my data safe and ensure I can recover it if my laptop fails in the future?
3 Answers
Based on what you described, it sounds like BitLocker might not be active since you don't see the lock icon, and the command's protection status is showing as off. If you had a decryption key, you could retrieve it through the PowerShell by running (Get-BitLockerVolume -MountPoint C).Keyprotector, replacing C with the appropriate drive letter.
It looks like BitLocker is enabled, but "Device encryption" is really just a simpler version that comes with Windows; it can hide some options unless you're using Pro. To keep your data safe, your most crucial step is to have backups! Normally, your recovery keys should be stored in your Microsoft account if it was set up correctly. You might want to check here: account.microsoft.com/devices/recoverykey.
I checked my Microsoft account, but there are no BitLocker keys saved. Can I still access my data in any other way without the recovery key?
When you check the BitLocker settings, do you see an option to back up the key? Windows often encrypts installations by default, but they don’t make it obvious how to retrieve the key. You should still be able to enable BitLocker now if you wish and save the recovery key to a USB or even take a photo of it.
I couldn't find the BitLocker settings either! I turned off device protection for now. Is it fine to do this before sending my laptop for repairs?
I just turned off device encryption, but I need to send my laptop for repair. Is it okay to keep it off for now?