Microsoft Gave BitLocker Recovery Keys to the FBI
Overview
What Is the Issue?
It was recently reported that in 2025 Microsoft handed BitLocker recovery keys stored on its servers to the FBI as part of a criminal investigation. Device encryption (BitLocker) is turned on automatically on new Windows 11 installations, and because a default installation also requires a Microsoft Account, the recovery keys for those devices end up on Microsoft's servers and should not be considered under your sole control.
Whenever a new Windows 11 computer is set up with a Microsoft Account (which is required by default), the BitLocker recovery key is automatically backed up to that account on Microsoft's servers.
What Microsoft stores is the 48-digit recovery password, which is one of the volume's key protectors. The stored copy can be deleted from the account, and the recovery password can be rotated and managed locally so that the uploaded copy no longer unlocks the drive. The problem is that the backup happens without any prompt, so most people never find out that it happened, let alone know that they can undo it.
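The following PowerShell session shows how to check which key protectors exist on the OS volume, rotate the recovery password so that the copy Microsoft holds becomes useless, and keep the new one somewhere you control. It is an added example and not code from the original post; the drive letter, the backup path, and the account URL reminder at the end are assumptions for illustration. It must be run from an elevated PowerShell session.

```powershell
# Added example: rotate the BitLocker recovery password on the OS volume.
# Assumptions (not from the original post): OS volume is C:, and $backupPath points
# at removable media or another location you control. Run as Administrator.

$mount      = "C:"
$backupPath = "E:\bitlocker-recovery-$env:COMPUTERNAME.txt"   # assumed location, adjust to taste

# 1. Inspect the volume. Device encryption normally shows a Tpm protector plus one
#    RecoveryPassword protector; the RecoveryPassword is what gets uploaded to the account.
$vol = Get-BitLockerVolume -MountPoint $mount
Write-Output ("Protection: {0}  Status: {1} ({2}% encrypted)" -f $vol.ProtectionStatus, $vol.VolumeStatus, $vol.EncryptionPercentage)
$vol.KeyProtector | Format-Table KeyProtectorType, KeyProtectorId -AutoSize

# Remember the IDs of the existing recovery password protectors; these are the escrowed ones.
$oldIds = @($vol.KeyProtector |
            Where-Object { $_.KeyProtectorType -eq "RecoveryPassword" } |
            ForEach-Object { $_.KeyProtectorId })

if ($oldIds.Count -eq 0) {
    Write-Warning "No RecoveryPassword protector found on $mount; nothing to rotate."
    return
}

# 2. Add a fresh recovery password FIRST so the volume is never left without one.
$after = Add-BitLockerKeyProtector -MountPoint $mount -RecoveryPasswordProtector
$newRp = $after.KeyProtector |
         Where-Object { $_.KeyProtectorType -eq "RecoveryPassword" -and ($oldIds -notcontains $_.KeyProtectorId) }

if (-not $newRp) { throw "New recovery password protector was not created; aborting before removing anything." }

# 3. Save the new recovery password locally (never to the Microsoft account).
#    The ID is recorded too, because the pre-boot recovery screen shows it so you can
#    match the right password to the right volume.
@(
    "Computer: $env:COMPUTERNAME",
    "Volume:   $mount",
    "Protector ID: $($newRp.KeyProtectorId)",
    "Recovery password: $($newRp.RecoveryPassword)"
) | Out-File -FilePath $backupPath -Encoding ASCII
Write-Output "New recovery password written to $backupPath"

# 4. Only now remove the old (escrowed) recovery password protectors. The TPM protector
#    and the new recovery password remain, so the volume stays unlockable.
foreach ($id in $oldIds) {
    Remove-BitLockerKeyProtector -MountPoint $mount -KeyProtectorId $id | Out-Null
    Write-Output "Removed old recovery password protector $id"
}

# 5. Verify with the built-in tool: only the Tpm protector and the NEW recovery password
#    ID should be listed. The copy in the Microsoft account now refers to a protector
#    that no longer exists on the disk.
manage-bde -protectors -get $mount

# 6. Manual step: sign in at https://account.microsoft.com/devices/recoverykey and delete
#    the stale entry for this device, then reload the page to confirm it is gone.
Write-Output "Now delete the stale key at https://account.microsoft.com/devices/recoverykey"
```

Two caveats. First, test the saved password on a reboot before you rely on it: suspend protection with `Suspend-BitLocker -MountPoint C: -RebootCount 1` is not a test of the recovery password, so instead confirm the ID shown by `manage-bde -protectors -get C:` matches what you wrote down and keep the file somewhere that survives losing the machine. Second, if the device is Entra-joined or Intune-managed, policy can re-escrow the new recovery password to the organisation's tenant; this procedure only deals with the personal Microsoft Account backup.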
What Does This Mean?
This means that you cannot trust Microsoft with your data. On a default installation of Windows 11 you are signed in with a Microsoft Account, your BitLocker recovery key is stored on Microsoft's servers, and that key can be handed to a third party without your involvement, so it has to be treated as compromised. Even if you skip the Microsoft Account during Windows 11 setup, signing in with a Microsoft Account on the same device later can trigger the same backup, so check the recovery key page of the account rather than assuming nothing was uploaded.
On a default Windows 11 installation the assumption that your data is protected is simply false: the confidentiality of the disk rests on how Microsoft handles the key, not on your possession of it.
What are the Alternatives?
In 2026 it is foolish not to use a full disk encryption solution. There are alternatives to BitLocker, and VeraCrypt is a well supported one: its system encryption uses a pre-boot password and never escrows the key to any third party. If you stay on BitLocker, at the very least rotate the recovery password and delete the stored copy from the Microsoft Account. I use VeraCrypt on a lot of my devices, and it is a main component of my Backup Strategy, which I have discussed before.
I have talked a lot about the need to diversify what solutions are being used, and I have moved away from several Microsoft services. I only have one Windows 11 PC, and I rarely ever use it and I don’t think I will keep it around much longer. If I need to test something for Windows 11, it will be for limited periods of time with virtual machines.
Links
- Microsoft 365 Insider Blog - Your Data, Your Choices: Understanding Microsoft’s Privacy Commitments (Local Version)
- Spiceworks - Microsoft caves to the FBI on BitLocker key access (Local Version)
- VeraCrypt
- Backup Strategy
- Online Services Diversification
- Why I Ditched Microsoft 365 (Part 1)
- Why I Ditched Microsoft 365 (Part 2)