This tutorial will show you how to delete backed up BitLocker recovery keys from your Microsoft account.
Windows will require a BitLocker recovery key when it detects a possible unauthorized attempt to access the data on a drive (volume) encrypted by BitLocker or Device Encryption. This extra step is a security precaution intended to keep your data safe and secure. This can also happen if you make changes in hardware, firmware, or software which BitLocker cannot distinguish from a possible attack. In these cases, BitLocker may require the extra security of the recovery key even if the user is an authorized owner of the device. This is to be certain that the person trying to unlock the data really is authorized.
Each separate OS, fixed (internal), or removable drive (volume/partition) encrypted by BitLocker or Device Encryption in Windows will be assigned a unique "recovery key" each time it's encrypted. A "key ID" is used to identify which encrypted volume a recovery key belongs to.
You can back up BitLocker recovery keys to your Microsoft account so you can easily find it from any computer in the future.
If you format or turn off BitLocker or Device Encryption for a encrypted volume, then its current recovery key is no longer valid.
After a while, you can have many invalid BitLocker recovery keys for volumes on devices still backed up to your Microsoft account you may want to delete. This can make it easier to find a valid recovery key when needed.
Here's How:
1 Go to your Microsoft account BitLocker recovery keys page at Microsoft, and sign in if not already.
2 Click/tap on the More options (3 dots) button for the recovery key you want to delete, and click/tap on Delete. (see screenshot below)
3 Check I've saved a copy of this recovery key, and click/tap on Delete to confirm. (see screenshot below)
4 This recovery key will now be deleted. (see screenshot below)
5 Repeat the steps above for any other recovery keys you want to delete.
That's it,
Shawn Brink
Attachments
Last edited:
