Why did my Bitlocker Encryption suspend, and what should I do about it?

Charles H Riggs III 0 Reputation points
2024-06-25T20:36:05.7766667+00:00

I've had this Dell computer for a year. I never turned BitLocker Encryption on or off in that time. Dell insists they sold it to me a year ago with BitLocker Encryption turned on, but I don't know personally if that is or is not accurate. I just know that two days ago, this yellow triangle appeared in my File Explorer on top of the listing for my C hard drive. They tell me it's because BitLocker Encryption has been suspended. They also told me they can't help me and told me to "call" Microsoft.

How do I "call" Microsoft?

And now, after reading the AI response, quoted below, I'm really thinking about this. What happens if I tell BitLocker Encryption to resume and then it fails to suspend the next time I install third party software? The AI response is telling me that, if that happens, there is a chance that the computer will boot up into recovery mode, which means that I will have to provide the recovery key in order for the computer to properly boot up. I really don't like the sound of that. Might I be better off just turning BitLocker Encryption off??????

Windows 11
Windows 11
A Microsoft operating system designed for productivity, creativity, and ease of use.
8,873 questions
0 comments No comments
{count} votes

3 answers

Sort by: Most helpful
  1. Q&A Assist
    2024-06-25T20:36:05.8033333+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    If BitLocker encryption has been suspended, it could be due to a variety of reasons, including system updates or upgrades. According to Microsoft, no user action is required for BitLocker in order to apply updates from Microsoft, including Windows quality updates and feature updates. However, users need to suspend BitLocker for non-Microsoft software updates, such as TPM firmware updates that clear the TPM outside of the Windows API, non-Microsoft application updates that modify the UEFI/BIOS configuration, and manual or non-Microsoft updates to secure boot databases. If BitLocker is suspended, it can be resumed after the update or upgrade is installed. Upon resuming protection, BitLocker will reseal the encryption key to the new values of the measured components that changed as a part of the upgrade or update. If these types of upgrades or updates are applied without suspending BitLocker, the computer will enter recovery mode when restarting and will require a recovery key or password to access the computer.

    If you need to contact Microsoft for assistance with BitLocker, you can visit their support website or contact their customer support team by phone.


    References:


  2. Ian Xue (Shanghai Wicresoft Co., Ltd.) 33,941 Reputation points Microsoft Vendor
    2024-06-27T03:21:26.7+00:00

    Hi Charles,

    Thanks for your post. Generally speaking, no user action is required for BitLocker in order to apply updates from Microsoft, including Windows quality updates and feature updates. Users need to suspend BitLocker for Non-Microsoft software updates, such as:

    • Some TPM firmware updates if these updates clear the TPM outside of the Windows API. Not every TPM firmware update will clear the TPM. Users don't have to suspend BitLocker if the TPM firmware update uses Windows API to clear the TPM because in this case, BitLocker will be automatically suspended. It's recommended that users test their TPM firmware updates if they don't want to suspend BitLocker protection
    • Non-Microsoft application updates that modify the UEFI\BIOS configuration
    • Manual or non-Microsoft updates to secure boot databases (only if BitLocker uses Secure Boot for integrity validation)
    • Updates to UEFI\BIOS firmware, installation of additional UEFI drivers, or UEFI applications without using the Windows update mechanism (only if BitLocker doesn't use Secure Boot for integrity validation during updates)
    • BitLocker can be checked if it uses Secure Boot for integrity validation with the command line manage-bde.exe -protectors -get C:. If Secure Boot for integrity validation is being used, it reports Uses Secure Boot for integrity validation

    If BitLocker is suspended, you can resume BitLocker protection after the upgrade or update is installed. Upon resuming protection, BitLocker will reseal the encryption key to the new values of the measured components that changed as a part of the upgrade or update. If these types of upgrades or updates are applied without suspending BitLocker, the computer will enter recovery mode when restarting and will require a recovery key or password to access the computer.

    Also, if you need MS professional support, it is recommended to contact Microsoft Phone Support. Support channel: Contact Us - Microsoft Support

    Best Regards,

    Ian Xue


    If the Answer is helpful, please click "Accept Answer" and upvote it.

    0 comments No comments

  3. Deleted

    This answer has been deleted due to a violation of our Code of Conduct. The answer was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.


    Comments have been turned off. Learn more