Windows Server 2025 Plagued by BitLocker Recovery Loops After Recent Update
Administrators managing **Windows Server 2025** systems should be aware of a newly confirmed issue. After installing the April 2026 **KB5082063** security update, some devices may unexpectedly boot into **BitLocker** recovery mode, requiring manual intervention.

**Microsoft** has acknowledged that certain **Windows Server 2025** devices are experiencing **BitLocker** recovery prompts following the installation of the April 2026 **KB5082063** **Windows** security update. This issue, while not widespread, affects systems with specific Group Policy configurations.
### BitLocker and the Trigger
**BitLocker** is a crucial **Windows** security feature that encrypts storage drives, safeguarding data against unauthorized access. Typically, **BitLocker** recovery mode is triggered by hardware changes or **TPM** (**Trusted Platform Module**) updates. In this instance, the update's automatic switch to the 2023-signed **Windows** Boot Manager, on systems whose Group Policy pins **BitLocker** to a PCR7 validation profile the firmware cannot bind to, leads to the recovery prompt.
"Some devices with an unrecommended **BitLocker** Group Policy configuration might be required to enter their **BitLocker** recovery key on the first restart after installing this update," **Microsoft** stated in a recent advisory.
### Specific Configuration Requirements
According to **Microsoft**, this issue is limited to systems meeting all of the following criteria:
1. **BitLocker** is enabled on the OS drive.
2. The Group Policy "**Configure TPM platform validation profile for native UEFI firmware configurations**" is configured, and PCR7 is included in the validation profile (or the equivalent registry key is set manually).
3. System Information (**msinfo32.exe**) reports that the Secure Boot State PCR7 Binding is "**Not Possible**".
4. The **Windows** UEFI CA 2023 certificate is present in the device's Secure Boot Signature Database (DB), making the device eligible for the 2023-signed **Windows** Boot Manager to be made the default.
5. The device is not already running the 2023-signed **Windows** Boot Manager.

*BitLocker recovery screen (Microsoft)*
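For administrators who want to find exposed servers before rolling out the update, the script below checks a machine against the five criteria above. It is an added example written for this article, not Microsoft's tooling; the registry layout of the PCR7 policy, the wording of the msinfo32 report line, the signer subject of the 2023-signed boot manager, and the free drive letter W: are assumptions to verify in your own environment.

```powershell
#Requires -RunAsAdministrator
# Added pre-deployment check for the advisory's five criteria (example code).
function Test-PCR7RecoveryExposure {
    $r = [ordered]@{}

    # 1. BitLocker is enabled on the OS drive.
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive
    $r.BitLockerOn = ($vol.ProtectionStatus -eq 'On')

    # 2. The UEFI platform validation profile policy includes PCR7.
    #    Assumed layout: DWORD values named by PCR index, 1 = included.
    $polKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_UEFI'
    $pol = Get-ItemProperty -Path $polKey -ErrorAction SilentlyContinue
    $r.PolicyIncludesPCR7 = ($null -ne $pol -and $pol.'7' -eq 1)

    # 3. msinfo32 reports the PCR7 binding as "Not Possible".
    #    Parsed from an exported text report (assumed line wording).
    $report = Join-Path $env:TEMP 'msinfo32-pcr7.txt'
    Start-Process msinfo32.exe -ArgumentList "/report `"$report`"" -Wait
    $line = Select-String -Path $report -Pattern 'PCR7' | Select-Object -First 1
    $r.PCR7BindingNotPossible = [bool]($line -and $line.Line -match 'Not Possible')

    # 4. The Windows UEFI CA 2023 certificate is present in the Secure Boot DB.
    #    The CN is stored as printable text inside the DER blob, so a substring
    #    search over the raw bytes is sufficient.
    $db = (Get-SecureBootUEFI -Name db).Bytes
    $r.CA2023InDB = [System.Text.Encoding]::ASCII.GetString($db) -match 'Windows UEFI CA 2023'

    # 5. The boot manager on the EFI system partition is not yet 2023-signed.
    #    Assumed: the signer subject of the new bootmgfw.efi mentions "UEFI CA 2023".
    if (Test-Path 'W:\') { throw 'Drive letter W: is in use; pick another for the ESP mount.' }
    mountvol W: /S | Out-Null
    try {
        $sig = Get-AuthenticodeSignature -FilePath 'W:\EFI\Microsoft\Boot\bootmgfw.efi'
        $r.NotYet2023BootMgr = -not ($sig.SignerCertificate.Subject -match 'UEFI CA 2023')
    } finally {
        mountvol W: /D | Out-Null
    }

    # A device is exposed only when all five criteria hold at once.
    $r.AllCriteriaMet = $r.BitLockerOn -and $r.PolicyIncludesPCR7 -and
        $r.PCR7BindingNotPossible -and $r.CA2023InDB -and $r.NotYet2023BootMgr
    [pscustomobject]$r
}

Test-PCR7RecoveryExposure | Format-List
```

A server reporting `AllCriteriaMet : True` is a candidate for removing the PCR7 policy or staging a Known Issue Rollback before the update reaches it.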
**Microsoft** emphasizes that this issue is less likely to impact personal devices, primarily affecting systems managed by enterprise IT departments.
### Workarounds and Solutions
**Microsoft** is actively developing a permanent solution. In the interim, they recommend the following workarounds:
* Remove the problematic Group Policy configuration before deploying the **KB5082063** update.
* Ensure that **BitLocker** bindings utilize the PCR7 profile as per **Microsoft's** instructions.
* If removing the PCR7 group policy isn't feasible, apply a Known Issue Rollback (KIR) on affected devices to prevent the automatic switch to the 2023 Boot Manager and avoid triggering **BitLocker** recovery.
### A Recurring Issue
This isn't the first time **Microsoft** has faced **BitLocker**-related issues after updates. Similar problems occurred in May 2025 with **Windows** 10 and in July 2024 across various **Windows** versions, highlighting the complexities of managing encryption and boot processes in a constantly evolving environment.