How to Switch Bitlocker over to a new Microsoft Account.

Question

Hello,

Two weeks ago I updated windows 11 on my old laptop. This update somehow corrupted windows and my hard drive. To fix this issue, I reinstalled windows on my laptop and replaced the hard drive.

Now the computer boots up and everything appears to be in working order. Before the update, I was signed in with an old school related Microsoft account that had bitlocker device encryption enabled. I no longer want to use this old school account because I am no longer attending the school, so I would like to sign in with my personal Microsoft account on my laptop.

However, I noticed two weird things. First, bitlocker device encryption is still enabled on my laptop, even though it has been setup with a local Windows account (I am not signed in), which I though was not possible. I assume this bitlocker encryption carried over from my previous windows account, but I am honestly not sure.

I am also unsure if the bitlocker pass key for the bitlocker currently on my laptop is the same as the previous bitlocker key linked to my old school account. Is there a way to check this?

Second, my old laptop is still listed under my school Microsoft account in the "Devices" section. It says this laptop has been inactive for two weeks, which I believe indicates this school Microsoft account is no longer linked to my laptop, but then I don't know how or why bitlocker device encryption carried over.

My main question is, is it safe to disable bitlocker device encryption on my laptop with my local Microsoft account like so:

... and then sign in to my personal Microsoft account? From there I can choose to re-enable bitlocker device encryption, but if I do this, will the new pass key be sent to my personal Microsoft account or my old-school account? Basically I want to ensure this laptop is no longer connected to my old-school Microsoft account.

Thanks for any help you can provide.

Answer 1

Hello Luke,

This would be Device Encryption instead of the full "BitLocker". Device Encryption gets turned on automatically if your device supports Modern Standby.

Since you reinstalled Windows 11, the BitLocker recovery key will be different. You can back up the BitLocker recovery key using an option below you want without having to be signed in to a Microsoft account if you wanted to keep using only a local account.

https://www.elevenforum.com/t/backup-bitlocker-recovery-key-in-windows-11.5503/

If wanted, you can remove the device like below from your old school Microsoft account since it's technically no longer the same device.

https://www.elevenforum.com/t/remove-windows-device-from-your-microsoft-account.5374/

Answer 2

Hello

If you haven't logon with your school account, the bitlocker key should be different.

Anyway we could open administrator account command line and run "manage-bde -status C:". You should get the Identifier number of present bitlocker recovery key and you could compare witht the key in your school account. They should be different.

Just as Luke pointed out, present bitlocker should be related device encryption feature.

BitLocker drive encryption in Windows 10 for OEMs | Microsoft Learn

We could configure the following registry key to disable it.

Disable BitLocker automatic device encryption

OEMs can choose to disable device encryption and instead implement their own encryption technology on a device. To disable BitLocker automatic device encryption, you can use an Unattend file and set PreventDeviceEncryption to True.

Alternately, you can update the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\BitLocker registry key:

Value: PreventDeviceEncryption equal to True (1).

Or we just right click the bitlocker drive and turn off the bitlocker from the bitlocker control panel