Tales from the En-Crypt-ion, Part 2
An Old Dog Learns Some
New Tricks
5. How to Find an Encryption Key on Microsoft.com
One of the problems many users have when they are told that they must go
online at microsoft.com and use their username and password to logon
is best expressed by the reply: "I don't have a password for
that website. I have never been online at the
Microsoft website."
Indeed, if someone else set up your Windows computer, then you may not
know what are your Microsoft username and password. So, step one
to retrieving your drive encryption key is knowing what are your
Microsoft account credentials.
Once you have your credentials in hand, and you have also successfully logged onto the microsoft.com website, then to go to your Microsoft account. Click where you see your name. A small menu will appear like that shown at the right herein. Click the link to My Microsoft Account. When your Microsoft account page loads, notice the different sections in the middle of the account page. You want to focus on the Devices section.
Before you can use
the Devices Page, you must know the name or names of your
computer(s). This computer name was set when the computer or
operating system was first setup. To find the computer
name, simply open Settings by clicking the gear icon
 in the apps
list. When the settings app opens, you will see the computer name. |
 |
| Now that you know the name of the computer that you want to locate and copy its encryption key, scroll down to the Devices section. Any computer that was setup using your Microsoft credentials will be listed here. I mention this because in many families, the same Microsoft account credentials are used for each family member. |
 |
| To retrieve the encryption key, click View details for either computer. When the details page opens, a few facts about that machine will be listed. For instance, the amount of memory installed is shown. To find your PC's recovery keys, click Manage recovery keys. If you no longer own this machine and would like to remove that old PC from your account, click Remove this device that is located in the top right corner of the screen. |
 |
| When you click Manage recovery keys, all available recovery keys will be displayed. In the two samples used here, one machine has an encrypted drive; the other machine is not encrypted. When the Manage recovery keys screen appears, as in my sample here, only the one encrypted drive is shown. I have redacted the Recovery key for my own security needs. |
 |
| To print and or store the recovery key, first open up a text editor like Word or Notepad. Then simple select the key with the mouse; right click the mouse and click copy; and then right click and paste the key into the text editor. |
6. How to Turn Off or Turn Back On BitLocker Drive Encryption in Windows 11 Professional.
Under most circumstances, I personably see no reason to remove drive encryption. That said, there are some good reasons to remove drive encryption is if you plan on using that drive on another system; or place the drive in a docking station; or transfer or recycle the PC. It is quite easy to remove the encryption from a Windows 11 Professional installation. Please, however, backup all your data files before you attempt to remove drive encryption. Also, have the encryption key handy just in case something goes wrong.
| From Control Panel → BitLocker, click the setting that says Turn Off BitLocker. |
 |
| You will see that the drive is decrypting, and the lock icon is removed. The amount of time this will take depends on the size of the drive and the amount of data stored on the drive. After decryption is completed, the lock icon on the drive will be gone when you view the drive in This PC. |
 |
| Turning BitLocker back on is just as easy, but requires a few more steps. First, click Turn On BitLocker. |
 |
| The first prompt that will appear is where you wish to store the recovery key. I recommend to Save to your Microsoft account. That way, all you will need to access the key would be an Internet connected device. You cannot save it to the PC however, so to Save to a file you need a external drive already attached to the PC. You can Print the recovery key later. |
 |
| You will next be prompted to select whether you want only the part of the disk that currently holds data or do you want to encrypt the entire drive. If you are encrypting a drive that has been in use for a while, it is best to encrypt the entire drive. |
 |
| Since we are discussing the hard drive on a PC, on the third prompt, select New encryption mode. |
 |
| Then your PC will begin encrypting the drive. |
 |
| Whenever BitLocker is turned off and then on again, a new Recovery Key is generated for that drive. Likewise, whenever a clean reinstallation of Windows 11 is performed, a new key is generated then, too. The image below is from the Microsoft website. It is critical to match the Key ID to the key generated on the PC itself. The Key upload date will also help you identify the newer key. |
 |
Conclusion
I performed a clean Windows 11 Professional installation on the test machine, and I also decrypted and encrypted the drive twice. At no point in the various processes was I prompted for the recovery key. That does not, however, negate the critical need to have your recovery key readily available. Things can go wrong, When something goes wrong with root drive, you may need that recovery key to get out of whatever deep hole you may have found yourself in.
She's changed the lock on our front door
My door key
don't fit no more
So get it on over (Move it on over)
Scoot it on over (Move it on over)
Move over, skinny
dog,
'cause
the fat dog's moving in
"Move It On Over"
— Hank Williams
Songwriter Catherine Elisabeth Britt
Gerald Reiff