Flickering screen and BitLocker key

Hi John Guiver,

I understand how frustrating and concerning this situation can be, especially when you’re being asked for something you don’t recall setting up.

I can see that Q&A Assist has already shared some initial guidance, so I’ll summarize the main points here to help make things clearer. On many Surface devices, BitLocker can turn on automatically during the initial Windows setup, even if it wasn’t manually enabled. When Windows detects a change it considers a potential security risk, such as a firmware update, recovery attempt or system issue, it may require the BitLocker recovery key before allowing certain repair or reset options to continue.

The recovery key can only be stored in specific locations. Most commonly, it’s saved to the Microsoft account that was used when the device was first set up. Please check all Microsoft accounts you may have used on this device by visiting: https://aka.ms/myrecoverykey. If the device was ever signed in with a work or school account, even briefly, the key may be stored there instead.

If the recovery key can’t be found in any of the supported locations, there unfortunately isn’t a way to recreate or bypass it. Even Microsoft doesn’t have access to recovery keys, as this is by design to protect your data.

If the device becomes unbootable or further troubleshooting is required, the remaining option would be to reset or reinstall Windows using another working computer then download a Surface recovery image. Please note that this process would remove the existing data on the device.

I know this isn’t the outcome anyone hopes for, but I hope this helps clarify why you’re seeing the BitLocker prompt and what options are realistically available.

Please feel free to let me know how things are going or if you’d like help reviewing next steps.

If you have extra questions about this answer, please click "Comment".  

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

BitLocker is working as designed and there is no supported way to obtain or bypass a missing recovery key.

On consumer Surface devices, BitLocker (or device encryption) can be enabled automatically without an explicit setup step. The recovery key is then stored in one of the supported locations (for example, a Microsoft account, an organization’s management system, or printed/saved by the user). If the key is not present in any of those locations, it cannot be recovered by anyone, including Microsoft Support.

The only available options are:

1. Continue using Windows normally without performing the Troubleshoot/Reset path that asks for the BitLocker key (so the drive remains unlocked by the existing protectors), or
2. If the device becomes unbootable and the recovery key still cannot be found, reset/reimage the device using a Surface recovery image, understanding that this will result in data loss on the encrypted drive.

For Surface devices that are stuck in recovery or repeatedly prompt for a BitLocker key after firmware/UEFI/TPM changes, the documented recovery paths require the existing BitLocker recovery password (for example, using manage-bde.exe -unlock -recoverypassword <Password> <DriveLetter>:). Without that password, those procedures cannot be completed.

If the device was ever managed by an organization (work/school), the only remaining possibility is to contact that organization’s IT to see if they have the key in MBAM, Configuration Manager BitLocker Management, Intune, or another management system. If it has always been a private, unmanaged device and the key is not in the Microsoft account or any saved/printed record, the key is not recoverable.

References:

• BitLocker overview
• BitLocker recovery: known issues
• Prompted for BitLocker recovery key after installing updates to Surface UEFI or TPM firmware on Surface device
• Request for Assistance with BitLocker Recovery – Surface Pro 2 - Microsoft Q&A