Microsoft’s June Windows 10 update KB5094127 may cause some PCs to ask for a BitLocker recovery key after restarting, but the issue appears limited to certain business and organization-managed devices. Personal Windows 10 PCs are unlikely to be affected unless they use a specific BitLocker Group Policy setup.
The problem appears after installing the June Patch Tuesday cumulative update. Microsoft says affected systems may show the BitLocker recovery screen on the first restart after the update is installed. The recovery key should only be required once, and later restarts should not continue triggering the same prompt if the policy configuration remains unchanged.
This is still a serious issue for organizations because many employees may not know their BitLocker recovery key. If the key is not available, users can be locked out until an IT administrator provides it.
The BitLocker issue affects a narrow set of Windows 10 systems
Microsoft says the problem only applies when several conditions are true at the same time. That means most home PCs should not run into the issue.
The affected devices must have BitLocker enabled on the operating system drive, a specific TPM validation policy configured, PCR7 included in the validation profile, and certain Secure Boot conditions present. The device also must not already be running the 2023-signed Windows Boot Manager.
| Detail | What it means |
|---|---|
| Update involved | Windows 10 KB5094127 |
| Main issue | BitLocker recovery key prompt after restart |
| Most affected systems | Enterprise or IT-managed PCs |
| Personal PCs | Unlikely to be affected |
| Recovery prompt | Expected only once on affected systems |
| Microsoft status | A fix is being worked on |
| Temporary workaround | IT admins can remove the affected Group Policy before updating |
The key detail is that Microsoft describes the configuration as “unrecommended.” In other words, the issue is tied to a policy setup that most normal Windows 10 users will not have.
Why this can still cause trouble for businesses
Even if the issue is limited, it can still create headaches for IT teams. BitLocker is widely used in business environments to protect data if a laptop is lost or stolen. When BitLocker recovery appears unexpectedly, employees may panic or assume their PC is broken.

The situation becomes more difficult if users do not have easy access to their recovery keys. In a properly managed environment, IT departments should be able to retrieve the key from management tools or directory services. But that still means help desk tickets, delays, and possible downtime.
For workers who need immediate access to their systems, even a one-time recovery prompt can interrupt the workday.
This is not the first BitLocker update problem
The frustrating part is that similar BitLocker recovery prompt issues have appeared before. Previous Windows updates also caused some systems to request recovery keys unexpectedly, including cases reported in 2025.
That history makes this issue more annoying for administrators. BitLocker is supposed to protect systems silently in the background. When updates interfere with that process, it can weaken confidence in the update experience, even if the technical cause is narrow.
Microsoft is currently working on a fix. Until then, the company says IT administrators can work around the problem by removing the specific Group Policy configuration before installing the update.
KB5094127 is part of Windows 10’s ESU phase
KB5094127 is available to Windows 10 users enrolled in the Extended Security Updates program. It applies to Windows 10 21H2 and 22H2 systems that continue receiving security updates after the operating system’s regular support period.
The update includes security fixes and other improvements, so organizations should not ignore it. However, IT teams managing BitLocker-protected devices should check whether their systems match Microsoft’s affected conditions before deploying it broadly.
For most home users, there is little reason to worry. Microsoft says the issue is unlikely to appear on personal devices that are not managed by IT departments.
For businesses, the safest approach is to review BitLocker policy settings, confirm recovery key access, and test the update before wide deployment. The issue may only require one recovery key entry, but that one prompt can still cause real disruption if users and IT teams are not prepared.
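A local triage check for the conditions listed above, added here as an example and not taken from Microsoft or the original article. It assumes the TPM validation policy is the "Configure TPM platform validation profile for native UEFI firmware configurations" setting stored under the `OSPlatformValidation_UEFI` policy key; the function name is hypothetical, and the boot manager signature and the unspecified Secure Boot conditions are not checked.

```powershell
#Requires -RunAsAdministrator
# Added example: pre-deployment triage for the KB5094127 BitLocker recovery prompt.
# Assumption: the affected policy is the UEFI TPM platform validation profile,
# which stores "Enabled" plus one DWORD per selected PCR index under this key.
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_UEFI'

function Test-BitLockerRecoveryExposure {   # hypothetical helper name
    $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive

    # Condition: BitLocker protection is on for the operating system drive.
    $osProtected = $vol.ProtectionStatus -eq 'On'

    # Condition: the validation policy is configured and PCR7 is in the profile.
    $policy   = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
    $policyOn = ($null -ne $policy) -and ($policy.Enabled -eq 1)
    $pcr7     = $policyOn -and ($policy.'7' -eq 1)

    # Secure Boot state only; the cmdlet throws on legacy BIOS systems.
    try   { $secureBoot = [bool](Confirm-SecureBootUEFI -ErrorAction Stop) }
    catch { $secureBoot = $false }

    # Preparedness: a recovery password protector must exist before anyone
    # can retrieve it. Only protector IDs are reported, never the password.
    $recoveryIds = @($vol.KeyProtector |
        Where-Object KeyProtectorType -eq 'RecoveryPassword' |
        ForEach-Object KeyProtectorId)

    [pscustomobject]@{
        ComputerName         = $env:COMPUTERNAME
        OsDriveProtected     = $osProtected
        ValidationPolicySet  = $policyOn
        Pcr7InPolicy         = $pcr7
        SecureBootEnabled    = $secureBoot
        RecoveryProtectorIds = $recoveryIds
        # Triage flag, not a verdict: the remaining conditions are unchecked.
        NeedsReview          = $osProtected -and $pcr7
        # A prompt on a device with no recovery protector is a lockout risk.
        NoRecoveryProtector  = $osProtected -and ($recoveryIds.Count -eq 0)
    }
}

Test-BitLockerRecoveryExposure | Format-List
```

A device with `NeedsReview` set still has to be compared against Microsoft's remaining conditions before it is treated as affected. A listed recovery protector ID confirms only that a key exists, not that it has been escrowed where IT can retrieve it.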


