BitLocker recovery prompts triggered on Windows Server 2025 after KB5082063 update

1 unique source, 1 article

Summary

Microsoft confirmed that Windows Server 2025 systems with specific BitLocker Group Policy configurations may boot into BitLocker recovery mode after installing the April 2026 KB5082063 security update. The issue occurs when certain PCR7 validation conditions are met, requiring admins to enter BitLocker recovery keys once before normal operation resumes. This affects only enterprise-managed systems with BitLocker enabled and does not impact typical end-user configurations.

Timeline

  1. 15.04.2026 14:41 · 1 article

    BitLocker recovery prompts triggered on Windows Server 2025 after KB5082063 deployment

    Microsoft confirmed on April 15, 2026, that the April 2026 KB5082063 Windows Server 2025 security update triggers BitLocker recovery prompts on systems with PCR7-bound Group Policy configurations. Admins must either remove the PCR7 Group Policy before update deployment or apply a Known Issue Rollback (KIR) to prevent automatic switching to the 2023-signed Windows Boot Manager.

Information Snippets

  • The issue is triggered by installing KB5082063 on Windows Server 2025 systems where BitLocker is enabled on the OS drive and the Group Policy 'Configure TPM platform validation profile for native UEFI firmware configurations' includes PCR7 in the validation profile.

    First reported: 15.04.2026 14:41
    1 source, 1 article
  • Systems must also report 'Secure Boot State PCR7 Binding: Not Possible' in msinfo32.exe and have the Windows UEFI CA 2023 certificate present in the Secure Boot Signature Database, but not be running the 2023-signed Windows Boot Manager.

    First reported: 15.04.2026 14:41
    1 source, 1 article
  • The BitLocker recovery screen appears only on the first restart after update installation and requires key entry once; subsequent restarts proceed normally if Group Policy remains unchanged.

    First reported: 15.04.2026 14:41
    1 source, 1 article
  • Microsoft states the issue is unlikely to affect personal devices, as impacted configurations are typically enterprise-managed.

    First reported: 15.04.2026 14:41
    1 source, 1 article
  • Microsoft is developing a fix and has provided temporary workarounds, including removing the PCR7 Group Policy before deploying KB5082063 or applying a Known Issue Rollback (KIR) on affected devices.

    First reported: 15.04.2026 14:41
    1 source, 1 article
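
The trigger conditions in the snippets above can be checked on a host before KB5082063 is deployed. The PowerShell below is an added example, not code from Microsoft or the source article; the policy registry location, the free drive letter S:, and the English msinfo32 label text are assumptions to verify in your environment.

```powershell
#Requires -RunAsAdministrator
# Pre-deployment check for the KB5082063 BitLocker recovery conditions.
# Changes no BitLocker or policy settings; the EFI partition is mounted briefly.
$r = [ordered]@{}

# BitLocker protection on the OS drive, and a recovery password protector to fall back on.
$vol = Get-BitLockerVolume -MountPoint $env:SystemDrive
$r.BitLockerOnOsDrive  = ($vol.ProtectionStatus -eq 'On')
$r.HasRecoveryPassword = ($vol.KeyProtector.KeyProtectorType -contains 'RecoveryPassword')

# Group Policy "Configure TPM platform validation profile for native UEFI firmware
# configurations" with PCR7 selected. Assumption: stored under this key, one DWORD per PCR.
$polKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_UEFI'
$pol = Get-ItemProperty -Path $polKey -ErrorAction SilentlyContinue
$r.Pcr7InPolicy = [bool]($pol -and $pol.Enabled -eq 1 -and $pol.'7' -eq 1)

# PCR7 binding state as shown by msinfo32 (the export can take a minute).
# Assumption: English label text in the report.
$report = Join-Path $env:TEMP 'msinfo-pcr7.txt'
Start-Process msinfo32.exe -ArgumentList "/report `"$report`"" -Wait
$line = Select-String -Path $report -Pattern 'PCR7' | Select-Object -First 1
$r.Pcr7BindingNotPossible = [bool]($line -and $line.Line -match 'Not Possible')
Remove-Item $report -ErrorAction SilentlyContinue

# Windows UEFI CA 2023 present in the Secure Boot signature database (db).
$db = [System.Text.Encoding]::ASCII.GetString((Get-SecureBootUEFI -Name db).Bytes)
$r.Ca2023InDb = ($db -match 'Windows UEFI CA 2023')

# Signer of the boot manager on the EFI system partition.
$esp = 'S:'   # assumption: drive letter S: is unused on this host
mountvol $esp /s | Out-Null
try {
    $sig = Get-AuthenticodeSignature -FilePath "$esp\EFI\Microsoft\Boot\bootmgfw.efi"
    $r.BootMgrSigned2023 = ($sig.SignerCertificate.Issuer -match 'Windows UEFI CA 2023')
} finally {
    mountvol $esp /d | Out-Null   # always unmount the ESP again
}

# Every trigger condition from the list must hold for a recovery prompt to be expected.
$r.LikelyAffected = $r.BitLockerOnOsDrive -and $r.Pcr7InPolicy -and
    $r.Pcr7BindingNotPossible -and $r.Ca2023InDb -and -not $r.BootMgrSigned2023
[pscustomobject]$r
```

For a host where `LikelyAffected` is True, confirm the recovery key is retrievable before the first restart, or apply one of the two workarounds listed above.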