Danny Weber
08:39 21-04-2026
Microsoft has confirmed an issue with the April update for Windows 11 (KB5083769) that can unexpectedly trigger BitLocker recovery mode on some computers.
This error doesn't affect all users, only those with specific configurations. It occurs on systems where BitLocker is enabled and a particular Group Policy setting related to TPM platform validation via PCR7 is in use. Microsoft has already labeled this configuration as "not recommended."
Additionally, the problem requires a combination of further conditions: a specific Secure Boot state, the presence of the Windows UEFI CA 2023 certificate in the signature database, and the absence of a corresponding bootloader that supports this certificate. Only with this exact set of factors can the system enter recovery mode and request the BitLocker key.
The failure is typically a one-time occurrence—after the first recovery launch, it usually doesn't repeat. For this reason, the issue primarily affects corporate devices with configured security policies, while regular users are unlikely to encounter it.
As a temporary solution, Microsoft recommends administrators adjust the problematic Group Policy settings before installing the update. An alternative is to use the Known Issue Rollback (KIR) mechanism to revert the problematic changes.
The company is already working on a fix but emphasizes that the situation isn't widespread and is significantly less critical compared to previous Windows update failures.
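For administrators who want to find such devices before deploying KB5083769, the following PowerShell check is an added example (not from the article or from Microsoft) that reports the locally readable conditions described above. It assumes the policy's registry location and English `manage-bde` output, both marked in the comments; it does not evaluate the "specific Secure Boot state" or the bootloader signature, since the article does not specify them.

```powershell
# Added example, not Microsoft's tooling. Run from an elevated PowerShell.
# ASSUMPTION: the TPM platform validation policy for native UEFI firmware is
# stored under this key; confirm the path against your own GPO.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_UEFI'

function Get-BitLockerRecoveryExposure {
    $drive = $env:SystemDrive

    # Condition 1: BitLocker protection is on for the OS volume.
    $bitLockerOn = (Get-BitLockerVolume -MountPoint $drive).ProtectionStatus -eq 'On'

    # Condition 2: an explicit validation-profile policy exists, and PCR 7 is
    # in the profile the TPM protector actually uses.
    # ASSUMPTION: manage-bde output is in English.
    $policySet = Test-Path -Path $PolicyKey
    $text = (manage-bde -protectors -get $drive) -join "`n"
    $pcrs = @()
    if ($text -match 'PCR Validation Profile:\s*([\d, ]+)') {
        $pcrs = @([regex]::Matches($Matches[1], '\d+') | ForEach-Object { [int]$_.Value })
    }

    # Condition 3: Secure Boot status and the 2023 CA in the signature database (db).
    $secureBoot = $null
    $ca2023 = $false
    try {
        $secureBoot = Confirm-SecureBootUEFI
        $db = (Get-SecureBootUEFI -Name db).Bytes
        $ca2023 = [Text.Encoding]::ASCII.GetString($db) -match 'Windows UEFI CA 2023'
    } catch {
        Write-Warning "Secure Boot variables not readable: $($_.Exception.Message)"
    }

    [pscustomobject]@{
        Computer            = $env:COMPUTERNAME
        BitLockerOn         = $bitLockerOn
        PcrPolicyConfigured = $policySet
        PcrProfile          = $pcrs -join ','
        Pcr7InProfile       = $pcrs -contains 7
        SecureBootEnabled   = $secureBoot
        UefiCa2023InDb      = $ca2023
        # Candidate for the policy change or KIR before the update is installed.
        ReviewBeforeUpdate  = $bitLockerOn -and $policySet -and ($pcrs -contains 7) -and $ca2023
    }
}

Get-BitLockerRecoveryExposure | Format-List
```

On devices flagged `ReviewBeforeUpdate`, confirm the BitLocker recovery key is escrowed and retrievable before the update is installed.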