Microsoft has quietly shifted how it handles BitLocker encryption keys, now automatically backing them up to a user's Microsoft account in the cloud. The change, which makes a previously optional feature the default, raises questions about data security and control for millions of Windows users, as well as for federal agencies that rely on the encryption [[2]]. While Microsoft positions the move as a convenience for key recovery, security experts are weighing the potential risks of centralized storage, especially given recent reports of the FBI obtaining keys via warrant [[3]].
Microsoft Stores Windows Encryption Keys in the Cloud
Microsoft is now storing Windows encryption keys in the cloud, a change that has raised privacy concerns among some users. The shift, which impacts the BitLocker encryption feature, means recovery keys are no longer exclusively stored on the device or backed up locally.
Previously, when a user enabled BitLocker drive encryption, Windows offered to save the recovery key to a Microsoft account, but users could instead save it to a USB drive or print it out. Now, according to reports, the key is automatically saved to the user's Microsoft account in the cloud. This change affects both consumer and enterprise users.
The company stated that the move simplifies the key recovery process for users who may lose access to their devices or forget their passwords. However, some security experts have expressed concerns about the potential risks associated with storing sensitive encryption keys in the cloud, including the possibility of unauthorized access or data breaches.
BitLocker is a full volume encryption feature included with Microsoft Windows operating systems. It protects data by encrypting an entire drive. The encryption key is essential for accessing the data, and its secure storage is paramount. The change in storage location has prompted discussion about the balance between convenience and security.
Microsoft has not yet commented publicly on the specific reasons for the change, but the company has been increasingly focused on cloud-based services and data management. This move highlights Big Tech’s continued investment in cloud security and user account integration.
Users can still download their BitLocker recovery key from their Microsoft account, but the automatic cloud backup is now the default setting. The company provides instructions on how to manage and download these keys.
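For administrators who want to know which secrets can currently unlock a machine, and who prefer to rotate a recovery password that has already been escrowed to a Microsoft account, the following PowerShell script is an added example; it is not code from the article or from Microsoft. It uses only the built-in BitLocker cmdlets (Get-BitLockerVolume, Add-BitLockerKeyProtector, Backup-BitLockerKeyProtector, Remove-BitLockerKeyProtector). The -Rotate and -BackupToAD switches are this example's own design; the script assumes an elevated session on a Windows edition that ships the BitLocker module, and the AD DS escrow step assumes the "Store BitLocker recovery information in Active Directory Domain Services" policy is in effect.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the article or from Microsoft.
# Inventories BitLocker key protectors and, on request, replaces every
# recovery password so that any previously escrowed copy no longer unlocks
# the volume. Assumes Windows Pro/Enterprise with the BitLocker module.
param(
    [switch]$Rotate,      # replace recovery-password protectors (hypothetical switch)
    [switch]$BackupToAD   # escrow the new password to on-prem AD DS (hypothetical switch)
)

function Get-BitLockerProtectorReport {
    # One row per key protector: this is the list of everything that can
    # unlock each volume, which is what a defender wants to audit.
    foreach ($vol in Get-BitLockerVolume) {
        foreach ($kp in $vol.KeyProtector) {
            [pscustomobject]@{
                MountPoint       = $vol.MountPoint
                VolumeStatus     = $vol.VolumeStatus
                ProtectionStatus = $vol.ProtectionStatus
                ProtectorType    = $kp.KeyProtectorType
                ProtectorId      = $kp.KeyProtectorId
                # Only recovery-password protectors carry a human-readable
                # 48-digit secret; that is the value a cloud backup holds.
                HasRecoveryText  = [bool]$kp.RecoveryPassword
            }
        }
    }
}

function Invoke-RecoveryPasswordRotation {
    param([string]$MountPoint, [switch]$BackupToAD)

    $vol = Get-BitLockerVolume -MountPoint $MountPoint
    $old = $vol.KeyProtector | Where-Object KeyProtectorType -eq 'RecoveryPassword'
    if (-not $old) {
        Write-Warning "$MountPoint has no recovery-password protector; nothing to rotate"
        return
    }

    # Add the replacement first so the volume is never left without a
    # recovery path. Add-BitLockerKeyProtector returns the updated volume.
    $updated = Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector
    $new = $updated.KeyProtector |
        Where-Object KeyProtectorType -eq 'RecoveryPassword' |
        Where-Object { $_.KeyProtectorId -notin $old.KeyProtectorId }

    if ($BackupToAD) {
        # Escrow to AD DS instead of a consumer cloud account. Requires the
        # "Store BitLocker recovery information in AD DS" policy (assumption).
        Backup-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $new.KeyProtectorId | Out-Null
    }

    # Only now retire the old protector(s); the previously escrowed copy of
    # the 48-digit password stops working at this point.
    foreach ($kp in $old) {
        Remove-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $kp.KeyProtectorId | Out-Null
    }

    [pscustomobject]@{
        MountPoint     = $MountPoint
        RemovedIds     = @($old.KeyProtectorId)
        NewProtectorId = $new.KeyProtectorId
        EscrowedToAD   = [bool]$BackupToAD
    }
}

# Always print the inventory so the change is visible before and after.
$report = Get-BitLockerProtectorReport
$report | Format-Table -AutoSize

if ($Rotate) {
    $targets = $report |
        Where-Object ProtectorType -eq 'RecoveryPassword' |
        Select-Object -ExpandProperty MountPoint -Unique
    foreach ($mp in $targets) {
        Invoke-RecoveryPasswordRotation -MountPoint $mp -BackupToAD:$BackupToAD
    }
    Get-BitLockerProtectorReport | Format-Table -AutoSize
}
```

Run it without switches to list protectors; run it with -Rotate (and -BackupToAD on a domain-joined machine) to replace the recovery password. Rotating the protector on the device invalidates the escrowed copy but does not delete it from the Microsoft account; the stale entry can be removed afterwards from the account's recovery-key page (account.microsoft.com/devices/recoverykey at the time of writing), and the new 48-digit password should be stored wherever the organization's policy requires.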