Device encryption is a security feature that Microsoft often quietly enables during Windows 11 setup. Sign in with a Microsoft account on a PC with compatible hardware, and the deed is (usually) done.
In fact, many Windows 11 users may not even realize that their PC is encrypted—nor that the recovery key is also automatically saved to your Microsoft account. That key is necessary if you ever forget your password, or the data saved in your TPM gets wiped. It allows you to unlock the data stored on the drive, otherwise it’ll remain a scrambled collection of 1s and 0s. (A useful situation when someone else has your laptop, but far less so when you need access.)
[ Further reading: What is a TPM and why isn’t mine working? ]
Fortunately, viewing that recovery key is easy. Just head over to account.microsoft.com/devices/recoverykey. For extra safety, you can make a backup of your recovery key—but treat it like the sensitive info it is. One way of storing the info safely is to create an entry in a password manager, for example. (Don’t already have one? Check out our top recommendations for password managers.)
If you don’t see a key, make sure you’re logged into the correct account. Only have one account? If someone else set up your PC for you, the key could be tied to their account instead. Or if you’re a Windows 11 Pro user, BitLocker might not have been enabled via a Microsoft account. Whoever set up your PC may have created a local account then activated BitLocker.
You’ll definitely want to save your recovery key if this the case—it means you don’t have a copy of it saved anywhere. Go to Control Panel > BitLocker Drive Encryption > Backup your recovery key. Saving to your Microsoft account is the most straightforward option.
By the way, if keeping track of a recovery key seems like a headache, and you’re tempted to just turn off encryption—don’t do it. You’re better off backing up your data to multiple places (which you should be doing already…) and leaving encryption on. Share the recovery key with trusted contacts too, as applicable.
It may seem alarming that Microsoft has enabled a feature you didn’t explicitly greenlight, but it truly is to your benefit. Smartphones have made encrypted storage the default for ages, and with most people favoring laptops, you risk having your sensitive information (financial info, etc) falling into the wrong hands if you don’t encrypt your device. So leave it on. Other Windows 11 features are definitely annoying enough to nuke, but not this one.