Windows 11 April 2026 Update Triggers BitLocker Recovery on Some PCs

It has been a while since one of Microsoft’s Windows 11 updates wreaked havoc among PC enthusiasts, and the April update seems to be another in line for IT administrators. In an updated support document on the Windows 11 KB5083769 cumulative update, Microsoft officially confirms that some users are encountering an unexpected BitLocker recovery prompt after applying the update. However, the good news is that this issue requires a specific BitLocker Group Policy configuration that Microsoft refers to as “unrecommended,” which is less likely to be found outside of managed IT departments. This includes systems managed through group policy settings, making it less likely to affect PC enthusiasts’ builds. For the issue to occur, a few conditions must be met. First, BitLocker must be enabled on the PC. Second, the BitLocker Group Policy setting “Configure TPM platform validation profile for native UEFI firmware configurations” must be configured with PCR7 (a TPM 2.0 module register) included in the validation profile.

Once these conditions are met, running system information, or msinfo32.exe, shows that the Secure Boot State PC47 Binding is “Not Possible.” Additionally, the Windows UEFI CA 2023 certificate must be present in the device’s Secure Boot Signature Database (DB), making the device eligible for the Windows Boot Manager signed in 2023 to become the default. Finally, the device must not be running this 2023-signed Windows Boot Manager that it supports. Only by fulfilling this unusual set of conditions does the BitLocker Recovery environment trigger, leading to a password prompt. After this, subsequent startups will not trigger it again.

As a workaround, Microsoft recommends removing this group policy configuration before installing the update across the company PC network or simply using a Known Issue Rollback (KIR). The first option is recommended, but for customers who can’t remove the PCR7 group policy, the KIR is a better option in case something happens. Microsoft is already planning a fix scheduled for the new Windows 11 update, but since the issue only affects some PCs, its severity is much smaller than previous worldwide problems Microsoft has faced in the past.