Windows 11 Cloud Accounts Change How Encryption Keys Are Handled
Microsoft has confirmed that it will provide BitLocker recovery keys to the Federal Bureau of Investigation if presented with a valid legal request. The confirmation follows reporting that Microsoft supplied encryption keys to law enforcement during a criminal investigation in 2025.
The situation is tied directly to how Windows 11 handles device encryption by default. When a user signs in with a Microsoft Account, the operating system automatically backs up the device’s BitLocker recovery key to Microsoft’s cloud unless the user explicitly chooses another option during setup.
Why Microsoft Can Access BitLocker Keys
BitLocker Keys Are Stored With Microsoft Accounts
BitLocker encrypts the data on a Windows PC to protect it if the device is lost or stolen. To prevent permanent data loss, Windows 11 ties the recovery key to the user’s Microsoft Account by default.
This design allows users to recover their data if they are locked out of their PC. It also means Microsoft can access the key stored in its cloud systems when required by law.
Microsoft told Forbes that it receives around 20 requests per year from the FBI for BitLocker recovery keys. In most cases, Microsoft cannot comply because the key was never uploaded. When the key is stored in the cloud, however, Microsoft can provide it.
Legal Requests And Privacy Implications
Microsoft says it only hands over recovery keys when presented with valid legal orders. A company spokesperson stated that while cloud key recovery offers convenience, it also involves trade-offs, and customers are ultimately responsible for deciding how their encryption keys are managed.
The approach differs from some other technology companies. Apple, for example, has publicly resisted law enforcement requests when it does not have technical access to encrypted data. In contrast, Microsoft’s design allows access because the recovery keys are not end-to-end encrypted in a way that prevents the company itself from seeing them.
How To Check And Manage Your BitLocker Recovery Keys
Users can check whether their BitLocker recovery keys are stored in Microsoft’s cloud by visiting their Microsoft Account device management page. From there, keys can be viewed or deleted.
It is also possible to configure Windows to store recovery keys locally or in other locations during setup, but this requires manual action and is not the default behavior when using a Microsoft Account.
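The local side of that check can be scripted. The following PowerShell is an added example, not part of the original article or any Microsoft tooling: it lists the recovery-password protectors on each encrypted volume so their IDs can be compared with the key IDs shown on the account page, and it can replace a recovery password so that a copy uploaded earlier no longer unlocks the drive. The function names `Get-RecoveryProtectorReport` and `Reset-RecoveryPassword` are hypothetical, and the script assumes an elevated prompt with the built-in BitLocker cmdlets available.

```powershell
#Requires -RunAsAdministrator
# Added example: function names are hypothetical; only built-in BitLocker cmdlets are used.

function Get-RecoveryProtectorReport {
    # One row per recovery-password protector on every BitLocker volume.
    foreach ($vol in Get-BitLockerVolume) {
        $recovery = @($vol.KeyProtector |
            Where-Object KeyProtectorType -eq 'RecoveryPassword')
        if (-not $recovery) {
            [pscustomobject]@{
                MountPoint = $vol.MountPoint
                Protection = $vol.ProtectionStatus
                KeyId      = $null
                Note       = 'No recovery password protector on this volume'
            }
            continue
        }
        foreach ($kp in $recovery) {
            [pscustomobject]@{
                MountPoint = $vol.MountPoint
                Protection = $vol.ProtectionStatus
                # Braces are stripped so the ID is easier to compare by eye.
                KeyId      = $kp.KeyProtectorId.Trim('{}')
                Note       = 'Compare with the key ID on the account page'
            }
        }
    }
}

function Reset-RecoveryPassword {
    param([Parameter(Mandatory)][string]$MountPoint)
    $old = @((Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        Where-Object KeyProtectorType -eq 'RecoveryPassword')
    # Add the replacement first so the volume always has a recovery option.
    Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector `
        -WarningAction SilentlyContinue | Out-Null
    foreach ($kp in $old) {
        Remove-BitLockerKeyProtector -MountPoint $MountPoint `
            -KeyProtectorId $kp.KeyProtectorId | Out-Null
    }
    # Return the new ID and password so they can be recorded offline.
    (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
        Where-Object KeyProtectorType -eq 'RecoveryPassword' |
        Select-Object KeyProtectorId, RecoveryPassword
}

Get-RecoveryProtectorReport | Format-Table -AutoSize
# Reset-RecoveryPassword -MountPoint 'C:'   # uncomment to replace the recovery password
```

Record the new recovery password somewhere off the device before relying on it, then revisit the account page to confirm which key IDs are still listed there.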
What This Means For Windows 11 Users
Windows 11’s mandatory Microsoft Account setup on most consumer editions makes cloud key backup the standard configuration. For users concerned about data access by third parties, this setup may warrant closer inspection of encryption and account settings.
Microsoft has not indicated any plans to change how BitLocker recovery keys are stored by default. For now, users who want full control over their encryption keys must actively manage where those keys are saved.
Hope you enjoyed this news post. Feedback welcome.
Posted Saturday 24 January 2026 at 6:22 pm AEST (my time).