Cyber: Microsoft Fixes Bitlocker Recovery Issue Only For Windows 11 U... (2026)

Microsoft has addressed a known issue causing some Windows 11 systems to boot into BitLocker recovery after installing the April 2026 Windows security updates.

BitLocker is a Windows security feature that encrypts storage drives to protect against data theft. It also often activates recovery mode after hardware changes or TPM (Trusted Platform Module) updates, blocking access to protected drives that haven't been unlocked normally.

Microsoft acknowledged the issue on April 14, saying it affects Windows 10, Windows 11, and Windows Server devices with an "unrecommended" BitLocker Group Policy configuration, and that it will prompt users to enter their BitLocker recovery key.

"Some devices with an unrecommended BitLocker Group Policy configuration might be required to enter their BitLocker recovery key on the first restart after installing this update," Microsoft said.

While this issue also affects systems running Windows client platforms such as Windows 10 and Windows 11, Microsoft said it's unlikely to affect personal devices, since affected configurations are typically found only on enterprise systems managed by IT teams.

On Tuesday, Microsoft announced that it addressed the issue with the KB5089549 cumulative update for Windows 11 25H2, but Windows 10 and Windows Server customers will need to wait for a fix, as a permanent resolution is planned for a future update.

"This update addresses an issue where some devices might enter BitLocker Recovery after updating boot files on systems with certain Trusted Platform Module (TPM) validation settings, including invalid PCR7 (Platform Configuration Register 7) configurations. This might occur after installing the April 2026 security update (KB5083769)," it said.

Until a fix is available for all affected platforms, Windows admins are advised to remove the "Configure TPM platform validation profile for native UEFI firmware configurations" Group Policy configuration before deploying the April 2026 updates, and to ensure that BitLocker bindings use the PCR7 profile by following these steps.

In August 2022, Windows devices also became stuck at a BitLocker recovery prompt after installing the KB5012170 security update. Two years later, in August 2024, Microsoft fixed another known issue that triggered BitLocker recovery prompts after installing the July 2024 Windows security updates.

Source: BleepingComputer