In a fresh development, “This patch addresses an issue where some devices might enter BitLocker Recovery after updating boot files on systems with certain Trusted Stack Module (TPM) validation settings … after installing the April 2026 security patch (KB5083769).” Install the most recent patch via Windows Revision as soon as you can. Patched on May 15th, 2026: With Windows 11’s May patch KB5089549, Microsoft has addressed the forced BitLocker recovery key prompt issue described below.

According to the latest update, the most recent Windows 11 patch, KB5083769, can lock users out of their PCs as Windows requires them to enter their BitLocker recovery key. Anyone who doesn’t have their key can’t use their PC. Original story from April 16th, 2026: Not long after Microsoft dropped April’s Patch Tuesday for Windows 11 did some users start complaining of serious problems.

As part of the ongoing story, some devices with an unrecommended BitLocker Group Policy configuration might be required to enter their BitLocker recovery key on the first restart after installing this patch.

Industry observers note that these conditions are unlikely to be found on personal devices not managed by IT departments:. This issue only affects a limited number of systems in which ALL of the following conditions are true.

Industry observers note that bitLocker is enabled on the OS drive. 1.

As part of the ongoing story, the Group Policy “Configure TPM ecosystem validation profile for native UEFI firmware configurations” is configured, and PCR7 is included in the validation profile (or the equivalent registry key is set manually). 2.

The report highlights that system Information (msinfo32.exe) reports Secure Boot State PCR7 Binding as “Not Possible“. 3.

The report highlights that the Windows UEFI CA 2023 certificate is present in the device’s Secure Boot Signature Database (DB), making the device eligible for the 2023‑signed Windows Boot Manager to be made the default. 4.

In a fresh development, the device is not already running the 2023-signed Windows Boot Manager. 5.

According to the latest update, the solution for affected users is to enter the BitLocker recovery key. If you don’t know your key, you must request it from your IT support team. On the page, Microsoft also explains how IT departments can resolve the issue. In other words: The issue is likely to affect only a small number of users who meet the criteria above, and the issue is most likely to occur on computers in corporate environments.

According to the latest update, note, however, that you’ll be made vulnerable once more to the security flaws that were patched by these updates. If necessary, you or your IT department can perform a Windows patch rollback (known as a Known Issue Rollback) to remove problematic updates KB5083769 or KB5082052 from your Windows PC.

Industry observers note that to learn more, see our comparison of Windows 11 Home and Pro. If you want to upgrade, snag it for cheap in the PCWorld Applications Store: now just $59 instead of $99. By the way: If you’re using Windows 11 Home, you’re missing out on the many benefits of Windows 11 Pro.

In a fresh development, this article originally appeared on our sister publication PC-WELT and was translated and localized from German.

As part of the ongoing story, he has been writing on almost all IT topics for around 25 years, covering everything from news to reviews and buying guides. Hans-Christian Dirscherl began his IT life with Autoexec.bat and config.sys, Turbo-Pascal and C, Sinix and Wordperfect.