Why my surface pro asks for BitLocker recovery key?Win7 --> Win8 = Bitlocker won't ask for...

What wound would be of little consequence to a biped but terrible for a quadruped?

Why do Australian milk farmers need to protest supermarkets' milk price?

Making a sword in the stone, in a medieval world without magic

What is the difference between "shut" and "close"?

validation vs test vs training accuracy, which one to compare for claiming overfit?

Can "semicircle" be used to refer to a part-circle that is not a exact half-circle?

What exactly is the purpose of connection links straped between the rocket and the launch pad

How can I discourage/prevent PCs from using door choke-points?

Decoding assembly instructions in a Game Boy disassembler

Single word request: Harming the benefactor

If the Captain's screens are out, does he switch seats with the co-pilot?

Playing ONE triplet (not three)

What to do when during a meeting client people start to fight (even physically) with each others?

Silly Sally's Movie

"One can do his homework in the library"

Why don't MCU characters ever seem to have language issues?

Deleting missing values from a dataset

What does it mean when multiple 々 marks follow a 、?

How to make readers know that my work has used a hidden constraint?

Counter-example to the existence of left Bousfield localization of combinatorial model category

Examples of odd-dimensional manifolds that do not admit contact structure

Prove that the total distance is minimised (when travelling across the longest path)

Running a subshell from the middle of the current command

Can infringement of a trademark be pursued for using a company's name in a sentence?



Why my surface pro asks for BitLocker recovery key?


Win7 --> Win8 = Bitlocker won't ask for passwordProblems enabling Bitlocker on Surface Pro with Windows 8.1Default location for storing bitlocker keyTPM not found on Surface Pro 3Windows/Linux dualboot: Windows asks for bitlocker recovery key every boot after reinstalling LinuxBitLocker asks for recovery key every time on boot on SSDWhy are there 2 “Recovery”-type partitions after enabling BitLocker?BitLocker Windows 10 key ID match, but password notBitLocker recovery key required after dual-booting Ubuntu(Dual boot) Windows 7 asks for recovery key after update













1















I have a latest Microsoft surface pro and would like to install a Linux system on it. There were some installation problem with the Linux and I gave up. But when I tried to perform normal booting, the BitLocker Recovery popped up every time and required me to input the Recovery key. However, I have never made any configurations on BitLocker and set any password. I just left it by default since using the surface pro.



My question is where I can retrieve the default recovery key and if not, how can I get back my data from the encrypted drive. Thank you so much.










share|improve this question



























    1















    I have a latest Microsoft surface pro and would like to install a Linux system on it. There were some installation problem with the Linux and I gave up. But when I tried to perform normal booting, the BitLocker Recovery popped up every time and required me to input the Recovery key. However, I have never made any configurations on BitLocker and set any password. I just left it by default since using the surface pro.



    My question is where I can retrieve the default recovery key and if not, how can I get back my data from the encrypted drive. Thank you so much.










    share|improve this question

























      1












      1








      1








      I have a latest Microsoft surface pro and would like to install a Linux system on it. There were some installation problem with the Linux and I gave up. But when I tried to perform normal booting, the BitLocker Recovery popped up every time and required me to input the Recovery key. However, I have never made any configurations on BitLocker and set any password. I just left it by default since using the surface pro.



      My question is where I can retrieve the default recovery key and if not, how can I get back my data from the encrypted drive. Thank you so much.










      share|improve this question














      I have a latest Microsoft surface pro and would like to install a Linux system on it. There were some installation problem with the Linux and I gave up. But when I tried to perform normal booting, the BitLocker Recovery popped up every time and required me to input the Recovery key. However, I have never made any configurations on BitLocker and set any password. I just left it by default since using the surface pro.



      My question is where I can retrieve the default recovery key and if not, how can I get back my data from the encrypted drive. Thank you so much.







      bitlocker microsoft-surface-pro






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked May 20 '18 at 6:13









      LuisSuarez7LuisSuarez7

      11113




      11113






















          4 Answers
          4






          active

          oldest

          votes


















          6














          What you are facing



          Microsoft Surface line of devices comes encrypted either with BitLocker or Device Encryption (which is basically a non-customizable BitLocker). This encryption does not rely on a user password at all. (It could, but it doesn't.) Instead, it relies on a recovery key stored within a tamper-proof Trusted Platform Module (TPM) chip integrated into the device.



          I also assume the Secure Boot is enabled on your Surface Pro. One of the thing that TPM and Secure Boot do is preventing unauthorized boot configuration modification. This is one of the things that can effectively stop bootkits (boot rootkits) and ransomware. When they determine that the boot path may have been compromised, TPM refuses to supply the BitLocker recovery key to the bootloader. (Nobody wants a bootkit to receive his/her recovery key.) Linux aficionados are already aware of both, because living in the Linux world takes a technically dedicated geek. So, when they install Linux, which definitely requires boot configuration changes, they disable BitLocker (and sometimes Secure Boot) in advance.



          Make no mistake: People love all this; their data is much safer. The only exception is the journalist community who both love it and love throwing mud at it, because that's their job.



          What to do now?



          Fortunately, Microsoft has a safety measure in place in case your TPM fails: The recovery key that I mentioned earlier is generated during the out-of-box experience (OOBE) sequence when your Surface Pro is first turned on, and only if you choose to log in with a Microsoft account. Device Encryption does not get enforced without it. This recovery key is then uploaded to your Microsoft account and won't be deleted without your explicit command. You can find it using this URL:




          https://account.microsoft.com/devices/recoverykey




          That's as far as the default configuration of Microsoft goes. But if you enabled BitLocker yourself ... oh, well, never mind; you said you didn't.



          With this key, you can boot Windows from the encrypted disk. From within Windows, you can disable BitLocker/Device Encryption and go about your business of installing Linux. But be advised: Linux means living on the cutting edge. If you don't have sufficient technical knowledge, some other technical difficulty may threaten your digital life. So, I suggest having backup in place.



          Things you must not do



          Do not try disabling or resetting TPM via UEFI. It won't grant you access. (Think of it this way: If your laptop was ever stolen, you wouldn't want the thieves to get any sort of access by a simple BIOS tweak, now do you?) If you do this, even if you can undo the configuration mismatch that has somehow come into effect, your TPM-based unique key will be lost forever.






          share|improve this answer


























          • What if the Surface Pro uses a local login?

            – harrymc
            May 20 '18 at 8:42






          • 1





            Once a recovery key gets stored on a Microsoft account, it won't get deleted without explicit user command. The only other feasible scenario is user enabling BitLocker with his/her own settings, after logging into a local account. But the OP says it is not the case.

            – user477799
            May 20 '18 at 9:38













          • @harrymc You can backup the device’s BitLocker recovery key from within Windows. Since the author did not backup this key, they will be unable to retrieve the key, unless they linked their account to a Microsoft account. Surface Pro uses BitLocker, Device Encryption is limited to Windows 10 tablet devices, that do not support BitLocker

            – Ramhound
            May 20 '18 at 10:38











          • Correct. Device Encryption is a feature of Windows 10 Home and only works when the device matches the InstantGo (formerly Connected Standby) requirements. One of them is that memory modules must be soldered to motherboard to prevent cold-boot attacks. Device Encryption activates itself the first time the user is logged onto Windows with a Microsoft account.

            – user477799
            May 20 '18 at 10:47






          • 1





            @harrymc I did more comprehensive web searches. It appears Device Encryption is indeed enabled by default on Surface Pro 3 when the user opts to use a Microsoft account. (Also the OP uses Surface Pro 2017). The device is encrypted in the background and the key is uploaded to the Microsoft Account.

            – user477799
            May 20 '18 at 11:20





















          2














          Your recovery key may be stored in your Microsoft Account.



          https://support.microsoft.com/en-gb/help/4026181/windows-10-find-my-bitlocker-recovery-key



          If you haven't backed up your recovery key, your data will be inaccessible.






          share|improve this answer
























          • One problem : the guy says he hasn't used BitLocker so there is no key to recover.

            – harrymc
            May 20 '18 at 11:02











          • @harrymc That's why I wrote 'may be'. That said, I pretty sure there are bitlocker keys backed up on my Microsoft Acount that I never requested.

            – David Marshall
            May 21 '18 at 16:24



















          0














          I learnt this the hard way last night with 2 surface book pro 2. Bitlocker is shipped by default. The user is not aware and is provided no code. When I changed the security settings in BIOS to none I was able to boot up a linux usb. However when I returned to use the device without the USB I was prompted with a request for a bitlocker key to access the windows accounts on the devices. After 4hrs on chat with Microsoft there only advice resemble the advice I got in the mid nineties from them " Reinstall start again, lose all of your data". I like to refer to the new Bitlocker key request screen as the 2020 blue screen of death. It's the same thing just jazzed up.



          So why could I not gain access to the key? Because Microsoft did not store them during sign in. This is in fact done during install and as consumers receive the surface preinstalled, you guessed it no key exists at the users end on the recovery URL provided by Microsoft.



          So the lesson is if you want to boot a non windows bootable usb on a surface, make sure you plan on deleting Windows and the drive all together.





          share








          New contributor




          Zeoanarchy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
          Check out our Code of Conduct.




























            -3














            In the case where this is only a glitch in the BIOS, where the device was never
            really encrypted, BitLocker needs to be undone in the BIOS.



            This is the procedure to boot into the BIOS, to find there some way of disabling
            BitLocker or of resetting the BIOS.



            To boot into the BIOS on a Microsoft Surface 3 Tablet follow these instructions:




            1. Power off the Surface – a reboot is not sufficient

            2. Press and HOLD the Volume UP button (on the left side of the tablet)

            3. Press and HOLD the Power button for five seconds (on the top of the tablet)

            4. Release the Power button after five seconds but keep holding the volume button until your see the BIOS UEFI.






            share|improve this answer


























            • I don't like useless downvotes - the guy says he hasn't used BitLocker, so this error is incorrect and to be disregarded. And no way that Linux could have turned on BitLocker, unless the Linux installation tried to change his BIOS.

              – harrymc
              May 20 '18 at 10:59













            • It is not an error and the only way of disregarding it is to disregard using that computer altogether.

              – user477799
              May 20 '18 at 11:23











            • @EUserNameError: Or to undo a glitched BIOS change, in case his device is not really encrypted, which is the case covered by this answer. This may or may not be the case of the poster, but the downvotes are abusive.

              – harrymc
              May 20 '18 at 13:34






            • 2





              All Microsoft Surface products are shipped with BitLocker enabled. The author’s problem isn’t a caused by a glitch. BitLocker can’t be disable in BIOS. So the downvotes you are received are legitimate.

              – Ramhound
              May 20 '18 at 13:47








            • 3





              BitLocker isn’t a feature of the firmware. Are you by chance talking about the TPM key configuration, which can be changed, within the device’s firmware configuration?

              – Ramhound
              May 20 '18 at 14:44













            Your Answer








            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "3"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1324333%2fwhy-my-surface-pro-asks-for-bitlocker-recovery-key%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            4 Answers
            4






            active

            oldest

            votes








            4 Answers
            4






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            6














            What you are facing



            Microsoft Surface line of devices comes encrypted either with BitLocker or Device Encryption (which is basically a non-customizable BitLocker). This encryption does not rely on a user password at all. (It could, but it doesn't.) Instead, it relies on a recovery key stored within a tamper-proof Trusted Platform Module (TPM) chip integrated into the device.



            I also assume the Secure Boot is enabled on your Surface Pro. One of the thing that TPM and Secure Boot do is preventing unauthorized boot configuration modification. This is one of the things that can effectively stop bootkits (boot rootkits) and ransomware. When they determine that the boot path may have been compromised, TPM refuses to supply the BitLocker recovery key to the bootloader. (Nobody wants a bootkit to receive his/her recovery key.) Linux aficionados are already aware of both, because living in the Linux world takes a technically dedicated geek. So, when they install Linux, which definitely requires boot configuration changes, they disable BitLocker (and sometimes Secure Boot) in advance.



            Make no mistake: People love all this; their data is much safer. The only exception is the journalist community who both love it and love throwing mud at it, because that's their job.



            What to do now?



            Fortunately, Microsoft has a safety measure in place in case your TPM fails: The recovery key that I mentioned earlier is generated during the out-of-box experience (OOBE) sequence when your Surface Pro is first turned on, and only if you choose to log in with a Microsoft account. Device Encryption does not get enforced without it. This recovery key is then uploaded to your Microsoft account and won't be deleted without your explicit command. You can find it using this URL:




            https://account.microsoft.com/devices/recoverykey




            That's as far as the default configuration of Microsoft goes. But if you enabled BitLocker yourself ... oh, well, never mind; you said you didn't.



            With this key, you can boot Windows from the encrypted disk. From within Windows, you can disable BitLocker/Device Encryption and go about your business of installing Linux. But be advised: Linux means living on the cutting edge. If you don't have sufficient technical knowledge, some other technical difficulty may threaten your digital life. So, I suggest having backup in place.



            Things you must not do



            Do not try disabling or resetting TPM via UEFI. It won't grant you access. (Think of it this way: If your laptop was ever stolen, you wouldn't want the thieves to get any sort of access by a simple BIOS tweak, now do you?) If you do this, even if you can undo the configuration mismatch that has somehow come into effect, your TPM-based unique key will be lost forever.






            share|improve this answer


























            • What if the Surface Pro uses a local login?

              – harrymc
              May 20 '18 at 8:42






            • 1





              Once a recovery key gets stored on a Microsoft account, it won't get deleted without explicit user command. The only other feasible scenario is user enabling BitLocker with his/her own settings, after logging into a local account. But the OP says it is not the case.

              – user477799
              May 20 '18 at 9:38













            • @harrymc You can backup the device’s BitLocker recovery key from within Windows. Since the author did not backup this key, they will be unable to retrieve the key, unless they linked their account to a Microsoft account. Surface Pro uses BitLocker, Device Encryption is limited to Windows 10 tablet devices, that do not support BitLocker

              – Ramhound
              May 20 '18 at 10:38











            • Correct. Device Encryption is a feature of Windows 10 Home and only works when the device matches the InstantGo (formerly Connected Standby) requirements. One of them is that memory modules must be soldered to motherboard to prevent cold-boot attacks. Device Encryption activates itself the first time the user is logged onto Windows with a Microsoft account.

              – user477799
              May 20 '18 at 10:47






            • 1





              @harrymc I did more comprehensive web searches. It appears Device Encryption is indeed enabled by default on Surface Pro 3 when the user opts to use a Microsoft account. (Also the OP uses Surface Pro 2017). The device is encrypted in the background and the key is uploaded to the Microsoft Account.

              – user477799
              May 20 '18 at 11:20


















            6














            What you are facing



            Microsoft Surface line of devices comes encrypted either with BitLocker or Device Encryption (which is basically a non-customizable BitLocker). This encryption does not rely on a user password at all. (It could, but it doesn't.) Instead, it relies on a recovery key stored within a tamper-proof Trusted Platform Module (TPM) chip integrated into the device.



            I also assume the Secure Boot is enabled on your Surface Pro. One of the thing that TPM and Secure Boot do is preventing unauthorized boot configuration modification. This is one of the things that can effectively stop bootkits (boot rootkits) and ransomware. When they determine that the boot path may have been compromised, TPM refuses to supply the BitLocker recovery key to the bootloader. (Nobody wants a bootkit to receive his/her recovery key.) Linux aficionados are already aware of both, because living in the Linux world takes a technically dedicated geek. So, when they install Linux, which definitely requires boot configuration changes, they disable BitLocker (and sometimes Secure Boot) in advance.



            Make no mistake: People love all this; their data is much safer. The only exception is the journalist community who both love it and love throwing mud at it, because that's their job.



            What to do now?



            Fortunately, Microsoft has a safety measure in place in case your TPM fails: The recovery key that I mentioned earlier is generated during the out-of-box experience (OOBE) sequence when your Surface Pro is first turned on, and only if you choose to log in with a Microsoft account. Device Encryption does not get enforced without it. This recovery key is then uploaded to your Microsoft account and won't be deleted without your explicit command. You can find it using this URL:




            https://account.microsoft.com/devices/recoverykey




            That's as far as the default configuration of Microsoft goes. But if you enabled BitLocker yourself ... oh, well, never mind; you said you didn't.



            With this key, you can boot Windows from the encrypted disk. From within Windows, you can disable BitLocker/Device Encryption and go about your business of installing Linux. But be advised: Linux means living on the cutting edge. If you don't have sufficient technical knowledge, some other technical difficulty may threaten your digital life. So, I suggest having backup in place.



            Things you must not do



            Do not try disabling or resetting TPM via UEFI. It won't grant you access. (Think of it this way: If your laptop was ever stolen, you wouldn't want the thieves to get any sort of access by a simple BIOS tweak, now do you?) If you do this, even if you can undo the configuration mismatch that has somehow come into effect, your TPM-based unique key will be lost forever.






            share|improve this answer


























            • What if the Surface Pro uses a local login?

              – harrymc
              May 20 '18 at 8:42






            • 1





              Once a recovery key gets stored on a Microsoft account, it won't get deleted without explicit user command. The only other feasible scenario is user enabling BitLocker with his/her own settings, after logging into a local account. But the OP says it is not the case.

              – user477799
              May 20 '18 at 9:38













            • @harrymc You can backup the device’s BitLocker recovery key from within Windows. Since the author did not backup this key, they will be unable to retrieve the key, unless they linked their account to a Microsoft account. Surface Pro uses BitLocker, Device Encryption is limited to Windows 10 tablet devices, that do not support BitLocker

              – Ramhound
              May 20 '18 at 10:38











            • Correct. Device Encryption is a feature of Windows 10 Home and only works when the device matches the InstantGo (formerly Connected Standby) requirements. One of them is that memory modules must be soldered to motherboard to prevent cold-boot attacks. Device Encryption activates itself the first time the user is logged onto Windows with a Microsoft account.

              – user477799
              May 20 '18 at 10:47






            • 1





              @harrymc I did more comprehensive web searches. It appears Device Encryption is indeed enabled by default on Surface Pro 3 when the user opts to use a Microsoft account. (Also the OP uses Surface Pro 2017). The device is encrypted in the background and the key is uploaded to the Microsoft Account.

              – user477799
              May 20 '18 at 11:20
















            6












            6








            6







            What you are facing



            Microsoft Surface line of devices comes encrypted either with BitLocker or Device Encryption (which is basically a non-customizable BitLocker). This encryption does not rely on a user password at all. (It could, but it doesn't.) Instead, it relies on a recovery key stored within a tamper-proof Trusted Platform Module (TPM) chip integrated into the device.



            I also assume the Secure Boot is enabled on your Surface Pro. One of the thing that TPM and Secure Boot do is preventing unauthorized boot configuration modification. This is one of the things that can effectively stop bootkits (boot rootkits) and ransomware. When they determine that the boot path may have been compromised, TPM refuses to supply the BitLocker recovery key to the bootloader. (Nobody wants a bootkit to receive his/her recovery key.) Linux aficionados are already aware of both, because living in the Linux world takes a technically dedicated geek. So, when they install Linux, which definitely requires boot configuration changes, they disable BitLocker (and sometimes Secure Boot) in advance.



            Make no mistake: People love all this; their data is much safer. The only exception is the journalist community who both love it and love throwing mud at it, because that's their job.



            What to do now?



            Fortunately, Microsoft has a safety measure in place in case your TPM fails: The recovery key that I mentioned earlier is generated during the out-of-box experience (OOBE) sequence when your Surface Pro is first turned on, and only if you choose to log in with a Microsoft account. Device Encryption does not get enforced without it. This recovery key is then uploaded to your Microsoft account and won't be deleted without your explicit command. You can find it using this URL:




            https://account.microsoft.com/devices/recoverykey




            That's as far as the default configuration of Microsoft goes. But if you enabled BitLocker yourself ... oh, well, never mind; you said you didn't.



            With this key, you can boot Windows from the encrypted disk. From within Windows, you can disable BitLocker/Device Encryption and go about your business of installing Linux. But be advised: Linux means living on the cutting edge. If you don't have sufficient technical knowledge, some other technical difficulty may threaten your digital life. So, I suggest having backup in place.



            Things you must not do



            Do not try disabling or resetting TPM via UEFI. It won't grant you access. (Think of it this way: If your laptop was ever stolen, you wouldn't want the thieves to get any sort of access by a simple BIOS tweak, now do you?) If you do this, even if you can undo the configuration mismatch that has somehow come into effect, your TPM-based unique key will be lost forever.






            share|improve this answer















            What you are facing



            Microsoft Surface line of devices comes encrypted either with BitLocker or Device Encryption (which is basically a non-customizable BitLocker). This encryption does not rely on a user password at all. (It could, but it doesn't.) Instead, it relies on a recovery key stored within a tamper-proof Trusted Platform Module (TPM) chip integrated into the device.



            I also assume the Secure Boot is enabled on your Surface Pro. One of the thing that TPM and Secure Boot do is preventing unauthorized boot configuration modification. This is one of the things that can effectively stop bootkits (boot rootkits) and ransomware. When they determine that the boot path may have been compromised, TPM refuses to supply the BitLocker recovery key to the bootloader. (Nobody wants a bootkit to receive his/her recovery key.) Linux aficionados are already aware of both, because living in the Linux world takes a technically dedicated geek. So, when they install Linux, which definitely requires boot configuration changes, they disable BitLocker (and sometimes Secure Boot) in advance.



            Make no mistake: People love all this; their data is much safer. The only exception is the journalist community who both love it and love throwing mud at it, because that's their job.



            What to do now?



            Fortunately, Microsoft has a safety measure in place in case your TPM fails: The recovery key that I mentioned earlier is generated during the out-of-box experience (OOBE) sequence when your Surface Pro is first turned on, and only if you choose to log in with a Microsoft account. Device Encryption does not get enforced without it. This recovery key is then uploaded to your Microsoft account and won't be deleted without your explicit command. You can find it using this URL:




            https://account.microsoft.com/devices/recoverykey




            That's as far as the default configuration of Microsoft goes. But if you enabled BitLocker yourself ... oh, well, never mind; you said you didn't.



            With this key, you can boot Windows from the encrypted disk. From within Windows, you can disable BitLocker/Device Encryption and go about your business of installing Linux. But be advised: Linux means living on the cutting edge. If you don't have sufficient technical knowledge, some other technical difficulty may threaten your digital life. So, I suggest having backup in place.



            Things you must not do



            Do not try disabling or resetting TPM via UEFI. It won't grant you access. (Think of it this way: If your laptop was ever stolen, you wouldn't want the thieves to get any sort of access by a simple BIOS tweak, now do you?) If you do this, even if you can undo the configuration mismatch that has somehow come into effect, your TPM-based unique key will be lost forever.







            share|improve this answer














            share|improve this answer



            share|improve this answer








            edited May 21 '18 at 2:45

























            answered May 20 '18 at 8:36







            user477799




















            • What if the Surface Pro uses a local login?

              – harrymc
              May 20 '18 at 8:42






            • 1





              Once a recovery key gets stored on a Microsoft account, it won't get deleted without explicit user command. The only other feasible scenario is user enabling BitLocker with his/her own settings, after logging into a local account. But the OP says it is not the case.

              – user477799
              May 20 '18 at 9:38













            • @harrymc You can backup the device’s BitLocker recovery key from within Windows. Since the author did not backup this key, they will be unable to retrieve the key, unless they linked their account to a Microsoft account. Surface Pro uses BitLocker, Device Encryption is limited to Windows 10 tablet devices, that do not support BitLocker

              – Ramhound
              May 20 '18 at 10:38











            • Correct. Device Encryption is a feature of Windows 10 Home and only works when the device matches the InstantGo (formerly Connected Standby) requirements. One of them is that memory modules must be soldered to motherboard to prevent cold-boot attacks. Device Encryption activates itself the first time the user is logged onto Windows with a Microsoft account.

              – user477799
              May 20 '18 at 10:47






            • 1





              @harrymc I did more comprehensive web searches. It appears Device Encryption is indeed enabled by default on Surface Pro 3 when the user opts to use a Microsoft account. (Also the OP uses Surface Pro 2017). The device is encrypted in the background and the key is uploaded to the Microsoft Account.

              – user477799
              May 20 '18 at 11:20





















            • What if the Surface Pro uses a local login?

              – harrymc
              May 20 '18 at 8:42






            • 1





              Once a recovery key gets stored on a Microsoft account, it won't get deleted without explicit user command. The only other feasible scenario is user enabling BitLocker with his/her own settings, after logging into a local account. But the OP says it is not the case.

              – user477799
              May 20 '18 at 9:38













            • @harrymc You can backup the device’s BitLocker recovery key from within Windows. Since the author did not backup this key, they will be unable to retrieve the key, unless they linked their account to a Microsoft account. Surface Pro uses BitLocker, Device Encryption is limited to Windows 10 tablet devices, that do not support BitLocker

              – Ramhound
              May 20 '18 at 10:38











            • Correct. Device Encryption is a feature of Windows 10 Home and only works when the device matches the InstantGo (formerly Connected Standby) requirements. One of them is that memory modules must be soldered to motherboard to prevent cold-boot attacks. Device Encryption activates itself the first time the user is logged onto Windows with a Microsoft account.

              – user477799
              May 20 '18 at 10:47






            • 1





              @harrymc I did more comprehensive web searches. It appears Device Encryption is indeed enabled by default on Surface Pro 3 when the user opts to use a Microsoft account. (Also the OP uses Surface Pro 2017). The device is encrypted in the background and the key is uploaded to the Microsoft Account.

              – user477799
              May 20 '18 at 11:20



















            What if the Surface Pro uses a local login?

            – harrymc
            May 20 '18 at 8:42





            What if the Surface Pro uses a local login?

            – harrymc
            May 20 '18 at 8:42




            1




            1





            Once a recovery key gets stored on a Microsoft account, it won't get deleted without explicit user command. The only other feasible scenario is user enabling BitLocker with his/her own settings, after logging into a local account. But the OP says it is not the case.

            – user477799
            May 20 '18 at 9:38







            Once a recovery key gets stored on a Microsoft account, it won't get deleted without explicit user command. The only other feasible scenario is user enabling BitLocker with his/her own settings, after logging into a local account. But the OP says it is not the case.

            – user477799
            May 20 '18 at 9:38















            @harrymc You can backup the device’s BitLocker recovery key from within Windows. Since the author did not backup this key, they will be unable to retrieve the key, unless they linked their account to a Microsoft account. Surface Pro uses BitLocker, Device Encryption is limited to Windows 10 tablet devices, that do not support BitLocker

            – Ramhound
            May 20 '18 at 10:38





            @harrymc You can backup the device’s BitLocker recovery key from within Windows. Since the author did not backup this key, they will be unable to retrieve the key, unless they linked their account to a Microsoft account. Surface Pro uses BitLocker, Device Encryption is limited to Windows 10 tablet devices, that do not support BitLocker

            – Ramhound
            May 20 '18 at 10:38













            Correct. Device Encryption is a feature of Windows 10 Home and only works when the device matches the InstantGo (formerly Connected Standby) requirements. One of them is that memory modules must be soldered to motherboard to prevent cold-boot attacks. Device Encryption activates itself the first time the user is logged onto Windows with a Microsoft account.

            – user477799
            May 20 '18 at 10:47





            Correct. Device Encryption is a feature of Windows 10 Home and only works when the device matches the InstantGo (formerly Connected Standby) requirements. One of them is that memory modules must be soldered to motherboard to prevent cold-boot attacks. Device Encryption activates itself the first time the user is logged onto Windows with a Microsoft account.

            – user477799
            May 20 '18 at 10:47




            1




            1





            @harrymc I did more comprehensive web searches. It appears Device Encryption is indeed enabled by default on Surface Pro 3 when the user opts to use a Microsoft account. (Also the OP uses Surface Pro 2017). The device is encrypted in the background and the key is uploaded to the Microsoft Account.

            – user477799
            May 20 '18 at 11:20







            @harrymc I did more comprehensive web searches. It appears Device Encryption is indeed enabled by default on Surface Pro 3 when the user opts to use a Microsoft account. (Also the OP uses Surface Pro 2017). The device is encrypted in the background and the key is uploaded to the Microsoft Account.

            – user477799
            May 20 '18 at 11:20















            2














            Your recovery key may be stored in your Microsoft Account.



            https://support.microsoft.com/en-gb/help/4026181/windows-10-find-my-bitlocker-recovery-key



            If you haven't backed up your recovery key, your data will be inaccessible.






            share|improve this answer
























            • One problem : the guy says he hasn't used BitLocker so there is no key to recover.

              – harrymc
              May 20 '18 at 11:02











            • @harrymc That's why I wrote 'may be'. That said, I pretty sure there are bitlocker keys backed up on my Microsoft Acount that I never requested.

              – David Marshall
              May 21 '18 at 16:24
















            2














            Your recovery key may be stored in your Microsoft Account.



            https://support.microsoft.com/en-gb/help/4026181/windows-10-find-my-bitlocker-recovery-key



            If you haven't backed up your recovery key, your data will be inaccessible.






            share|improve this answer
























            • One problem : the guy says he hasn't used BitLocker so there is no key to recover.

              – harrymc
              May 20 '18 at 11:02











            • @harrymc That's why I wrote 'may be'. That said, I pretty sure there are bitlocker keys backed up on my Microsoft Acount that I never requested.

              – David Marshall
              May 21 '18 at 16:24














            2












            2








            2







            Your recovery key may be stored in your Microsoft Account.



            https://support.microsoft.com/en-gb/help/4026181/windows-10-find-my-bitlocker-recovery-key



            If you haven't backed up your recovery key, your data will be inaccessible.






            share|improve this answer













            Your recovery key may be stored in your Microsoft Account.



            https://support.microsoft.com/en-gb/help/4026181/windows-10-find-my-bitlocker-recovery-key



            If you haven't backed up your recovery key, your data will be inaccessible.







            share|improve this answer












            share|improve this answer



            share|improve this answer










            answered May 20 '18 at 7:51









            David MarshallDavid Marshall

            6,60532132




            6,60532132













            • One problem : the guy says he hasn't used BitLocker so there is no key to recover.

              – harrymc
              May 20 '18 at 11:02











            • @harrymc That's why I wrote 'may be'. That said, I pretty sure there are bitlocker keys backed up on my Microsoft Acount that I never requested.

              – David Marshall
              May 21 '18 at 16:24



















            • One problem : the guy says he hasn't used BitLocker so there is no key to recover.

              – harrymc
              May 20 '18 at 11:02











            • @harrymc That's why I wrote 'may be'. That said, I pretty sure there are bitlocker keys backed up on my Microsoft Acount that I never requested.

              – David Marshall
              May 21 '18 at 16:24

















            One problem : the guy says he hasn't used BitLocker so there is no key to recover.

            – harrymc
            May 20 '18 at 11:02





            One problem : the guy says he hasn't used BitLocker so there is no key to recover.

            – harrymc
            May 20 '18 at 11:02













            @harrymc That's why I wrote 'may be'. That said, I pretty sure there are bitlocker keys backed up on my Microsoft Acount that I never requested.

            – David Marshall
            May 21 '18 at 16:24





            @harrymc That's why I wrote 'may be'. That said, I pretty sure there are bitlocker keys backed up on my Microsoft Acount that I never requested.

            – David Marshall
            May 21 '18 at 16:24











            0














            I learnt this the hard way last night with 2 surface book pro 2. Bitlocker is shipped by default. The user is not aware and is provided no code. When I changed the security settings in BIOS to none I was able to boot up a linux usb. However when I returned to use the device without the USB I was prompted with a request for a bitlocker key to access the windows accounts on the devices. After 4hrs on chat with Microsoft there only advice resemble the advice I got in the mid nineties from them " Reinstall start again, lose all of your data". I like to refer to the new Bitlocker key request screen as the 2020 blue screen of death. It's the same thing just jazzed up.



            So why could I not gain access to the key? Because Microsoft did not store them during sign in. This is in fact done during install and as consumers receive the surface preinstalled, you guessed it no key exists at the users end on the recovery URL provided by Microsoft.



            So the lesson is if you want to boot a non windows bootable usb on a surface, make sure you plan on deleting Windows and the drive all together.





            share








            New contributor




            Zeoanarchy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
            Check out our Code of Conduct.

























              0














              I learnt this the hard way last night with 2 surface book pro 2. Bitlocker is shipped by default. The user is not aware and is provided no code. When I changed the security settings in BIOS to none I was able to boot up a linux usb. However when I returned to use the device without the USB I was prompted with a request for a bitlocker key to access the windows accounts on the devices. After 4hrs on chat with Microsoft there only advice resemble the advice I got in the mid nineties from them " Reinstall start again, lose all of your data". I like to refer to the new Bitlocker key request screen as the 2020 blue screen of death. It's the same thing just jazzed up.



              So why could I not gain access to the key? Because Microsoft did not store them during sign in. This is in fact done during install and as consumers receive the surface preinstalled, you guessed it no key exists at the users end on the recovery URL provided by Microsoft.



              So the lesson is if you want to boot a non windows bootable usb on a surface, make sure you plan on deleting Windows and the drive all together.





              share








              New contributor




              Zeoanarchy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
              Check out our Code of Conduct.























                0












                0








                0







                I learnt this the hard way last night with 2 surface book pro 2. Bitlocker is shipped by default. The user is not aware and is provided no code. When I changed the security settings in BIOS to none I was able to boot up a linux usb. However when I returned to use the device without the USB I was prompted with a request for a bitlocker key to access the windows accounts on the devices. After 4hrs on chat with Microsoft there only advice resemble the advice I got in the mid nineties from them " Reinstall start again, lose all of your data". I like to refer to the new Bitlocker key request screen as the 2020 blue screen of death. It's the same thing just jazzed up.



                So why could I not gain access to the key? Because Microsoft did not store them during sign in. This is in fact done during install and as consumers receive the surface preinstalled, you guessed it no key exists at the users end on the recovery URL provided by Microsoft.



                So the lesson is if you want to boot a non windows bootable usb on a surface, make sure you plan on deleting Windows and the drive all together.





                share








                New contributor




                Zeoanarchy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                Check out our Code of Conduct.










                I learnt this the hard way last night with 2 surface book pro 2. Bitlocker is shipped by default. The user is not aware and is provided no code. When I changed the security settings in BIOS to none I was able to boot up a linux usb. However when I returned to use the device without the USB I was prompted with a request for a bitlocker key to access the windows accounts on the devices. After 4hrs on chat with Microsoft there only advice resemble the advice I got in the mid nineties from them " Reinstall start again, lose all of your data". I like to refer to the new Bitlocker key request screen as the 2020 blue screen of death. It's the same thing just jazzed up.



                So why could I not gain access to the key? Because Microsoft did not store them during sign in. This is in fact done during install and as consumers receive the surface preinstalled, you guessed it no key exists at the users end on the recovery URL provided by Microsoft.



                So the lesson is if you want to boot a non windows bootable usb on a surface, make sure you plan on deleting Windows and the drive all together.






                share








                New contributor




                Zeoanarchy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                Check out our Code of Conduct.








                share


                share






                New contributor




                Zeoanarchy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                Check out our Code of Conduct.









                answered 4 mins ago









                ZeoanarchyZeoanarchy

                1




                1




                New contributor




                Zeoanarchy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                Check out our Code of Conduct.





                New contributor





                Zeoanarchy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                Check out our Code of Conduct.






                Zeoanarchy is a new contributor to this site. Take care in asking for clarification, commenting, and answering.
                Check out our Code of Conduct.























                    -3














                    In the case where this is only a glitch in the BIOS, where the device was never
                    really encrypted, BitLocker needs to be undone in the BIOS.



                    This is the procedure to boot into the BIOS, to find there some way of disabling
                    BitLocker or of resetting the BIOS.



                    To boot into the BIOS on a Microsoft Surface 3 Tablet follow these instructions:




                    1. Power off the Surface – a reboot is not sufficient

                    2. Press and HOLD the Volume UP button (on the left side of the tablet)

                    3. Press and HOLD the Power button for five seconds (on the top of the tablet)

                    4. Release the Power button after five seconds but keep holding the volume button until your see the BIOS UEFI.






                    share|improve this answer


























                    • I don't like useless downvotes - the guy says he hasn't used BitLocker, so this error is incorrect and to be disregarded. And no way that Linux could have turned on BitLocker, unless the Linux installation tried to change his BIOS.

                      – harrymc
                      May 20 '18 at 10:59













                    • It is not an error and the only way of disregarding it is to disregard using that computer altogether.

                      – user477799
                      May 20 '18 at 11:23











                    • @EUserNameError: Or to undo a glitched BIOS change, in case his device is not really encrypted, which is the case covered by this answer. This may or may not be the case of the poster, but the downvotes are abusive.

                      – harrymc
                      May 20 '18 at 13:34






                    • 2





                      All Microsoft Surface products are shipped with BitLocker enabled. The author’s problem isn’t a caused by a glitch. BitLocker can’t be disable in BIOS. So the downvotes you are received are legitimate.

                      – Ramhound
                      May 20 '18 at 13:47








                    • 3





                      BitLocker isn’t a feature of the firmware. Are you by chance talking about the TPM key configuration, which can be changed, within the device’s firmware configuration?

                      – Ramhound
                      May 20 '18 at 14:44


















                    -3














                    In the case where this is only a glitch in the BIOS, where the device was never
                    really encrypted, BitLocker needs to be undone in the BIOS.



                    This is the procedure to boot into the BIOS, to find there some way of disabling
                    BitLocker or of resetting the BIOS.



                    To boot into the BIOS on a Microsoft Surface 3 Tablet follow these instructions:




                    1. Power off the Surface – a reboot is not sufficient

                    2. Press and HOLD the Volume UP button (on the left side of the tablet)

                    3. Press and HOLD the Power button for five seconds (on the top of the tablet)

                    4. Release the Power button after five seconds but keep holding the volume button until your see the BIOS UEFI.






                    share|improve this answer


























                    • I don't like useless downvotes - the guy says he hasn't used BitLocker, so this error is incorrect and to be disregarded. And no way that Linux could have turned on BitLocker, unless the Linux installation tried to change his BIOS.

                      – harrymc
                      May 20 '18 at 10:59













                    • It is not an error and the only way of disregarding it is to disregard using that computer altogether.

                      – user477799
                      May 20 '18 at 11:23











                    • @EUserNameError: Or to undo a glitched BIOS change, in case his device is not really encrypted, which is the case covered by this answer. This may or may not be the case of the poster, but the downvotes are abusive.

                      – harrymc
                      May 20 '18 at 13:34






                    • 2





                      All Microsoft Surface products are shipped with BitLocker enabled. The author’s problem isn’t a caused by a glitch. BitLocker can’t be disable in BIOS. So the downvotes you are received are legitimate.

                      – Ramhound
                      May 20 '18 at 13:47








                    • 3





                      BitLocker isn’t a feature of the firmware. Are you by chance talking about the TPM key configuration, which can be changed, within the device’s firmware configuration?

                      – Ramhound
                      May 20 '18 at 14:44
















                    -3












                    -3








                    -3







                    In the case where this is only a glitch in the BIOS, where the device was never
                    really encrypted, BitLocker needs to be undone in the BIOS.



                    This is the procedure to boot into the BIOS, to find there some way of disabling
                    BitLocker or of resetting the BIOS.



                    To boot into the BIOS on a Microsoft Surface 3 Tablet follow these instructions:




                    1. Power off the Surface – a reboot is not sufficient

                    2. Press and HOLD the Volume UP button (on the left side of the tablet)

                    3. Press and HOLD the Power button for five seconds (on the top of the tablet)

                    4. Release the Power button after five seconds but keep holding the volume button until your see the BIOS UEFI.






                    share|improve this answer















                    In the case where this is only a glitch in the BIOS, where the device was never
                    really encrypted, BitLocker needs to be undone in the BIOS.



                    This is the procedure to boot into the BIOS, to find there some way of disabling
                    BitLocker or of resetting the BIOS.



                    To boot into the BIOS on a Microsoft Surface 3 Tablet follow these instructions:




                    1. Power off the Surface – a reboot is not sufficient

                    2. Press and HOLD the Volume UP button (on the left side of the tablet)

                    3. Press and HOLD the Power button for five seconds (on the top of the tablet)

                    4. Release the Power button after five seconds but keep holding the volume button until your see the BIOS UEFI.







                    share|improve this answer














                    share|improve this answer



                    share|improve this answer








                    edited May 20 '18 at 13:36


























                    community wiki





                    2 revs
                    harrymc














                    • I don't like useless downvotes - the guy says he hasn't used BitLocker, so this error is incorrect and to be disregarded. And no way that Linux could have turned on BitLocker, unless the Linux installation tried to change his BIOS.

                      – harrymc
                      May 20 '18 at 10:59













                    • It is not an error and the only way of disregarding it is to disregard using that computer altogether.

                      – user477799
                      May 20 '18 at 11:23











                    • @EUserNameError: Or to undo a glitched BIOS change, in case his device is not really encrypted, which is the case covered by this answer. This may or may not be the case of the poster, but the downvotes are abusive.

                      – harrymc
                      May 20 '18 at 13:34






                    • 2





                      All Microsoft Surface products are shipped with BitLocker enabled. The author’s problem isn’t a caused by a glitch. BitLocker can’t be disable in BIOS. So the downvotes you are received are legitimate.

                      – Ramhound
                      May 20 '18 at 13:47








                    • 3





                      BitLocker isn’t a feature of the firmware. Are you by chance talking about the TPM key configuration, which can be changed, within the device’s firmware configuration?

                      – Ramhound
                      May 20 '18 at 14:44





















                    • I don't like useless downvotes - the guy says he hasn't used BitLocker, so this error is incorrect and to be disregarded. And no way that Linux could have turned on BitLocker, unless the Linux installation tried to change his BIOS.

                      – harrymc
                      May 20 '18 at 10:59













                    • It is not an error and the only way of disregarding it is to disregard using that computer altogether.

                      – user477799
                      May 20 '18 at 11:23











                    • @EUserNameError: Or to undo a glitched BIOS change, in case his device is not really encrypted, which is the case covered by this answer. This may or may not be the case of the poster, but the downvotes are abusive.

                      – harrymc
                      May 20 '18 at 13:34






                    • 2





                      All Microsoft Surface products are shipped with BitLocker enabled. The author’s problem isn’t a caused by a glitch. BitLocker can’t be disable in BIOS. So the downvotes you are received are legitimate.

                      – Ramhound
                      May 20 '18 at 13:47








                    • 3





                      BitLocker isn’t a feature of the firmware. Are you by chance talking about the TPM key configuration, which can be changed, within the device’s firmware configuration?

                      – Ramhound
                      May 20 '18 at 14:44



















                    I don't like useless downvotes - the guy says he hasn't used BitLocker, so this error is incorrect and to be disregarded. And no way that Linux could have turned on BitLocker, unless the Linux installation tried to change his BIOS.

                    – harrymc
                    May 20 '18 at 10:59







                    I don't like useless downvotes - the guy says he hasn't used BitLocker, so this error is incorrect and to be disregarded. And no way that Linux could have turned on BitLocker, unless the Linux installation tried to change his BIOS.

                    – harrymc
                    May 20 '18 at 10:59















                    It is not an error and the only way of disregarding it is to disregard using that computer altogether.

                    – user477799
                    May 20 '18 at 11:23





                    It is not an error and the only way of disregarding it is to disregard using that computer altogether.

                    – user477799
                    May 20 '18 at 11:23













                    @EUserNameError: Or to undo a glitched BIOS change, in case his device is not really encrypted, which is the case covered by this answer. This may or may not be the case of the poster, but the downvotes are abusive.

                    – harrymc
                    May 20 '18 at 13:34





                    @EUserNameError: Or to undo a glitched BIOS change, in case his device is not really encrypted, which is the case covered by this answer. This may or may not be the case of the poster, but the downvotes are abusive.

                    – harrymc
                    May 20 '18 at 13:34




                    2




                    2





                    All Microsoft Surface products are shipped with BitLocker enabled. The author’s problem isn’t a caused by a glitch. BitLocker can’t be disable in BIOS. So the downvotes you are received are legitimate.

                    – Ramhound
                    May 20 '18 at 13:47







                    All Microsoft Surface products are shipped with BitLocker enabled. The author’s problem isn’t a caused by a glitch. BitLocker can’t be disable in BIOS. So the downvotes you are received are legitimate.

                    – Ramhound
                    May 20 '18 at 13:47






                    3




                    3





                    BitLocker isn’t a feature of the firmware. Are you by chance talking about the TPM key configuration, which can be changed, within the device’s firmware configuration?

                    – Ramhound
                    May 20 '18 at 14:44







                    BitLocker isn’t a feature of the firmware. Are you by chance talking about the TPM key configuration, which can be changed, within the device’s firmware configuration?

                    – Ramhound
                    May 20 '18 at 14:44




















                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to Super User!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1324333%2fwhy-my-surface-pro-asks-for-bitlocker-recovery-key%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    Popular posts from this blog

                    Why not use the yoke to control yaw, as well as pitch and roll? Announcing the arrival of...

                    Couldn't open a raw socket. Error: Permission denied (13) (nmap)Is it possible to run networking commands...

                    VNC viewer RFB protocol error: bad desktop size 0x0I Cannot Type the Key 'd' (lowercase) in VNC Viewer...