Microsoft has confirmed a known issue where some Windows Server 2025 devices enter BitLocker recovery mode after installing the April 2026 KB5082063 security update. The problem only affects systems with a specific combination of conditions: BitLocker enabled, a particular TPM PCR7 Group Policy configuration, Secure Boot State PCR7 Binding reported as 'Not Possible', and the Windows UEFI CA 2023 certificate present in the Secure Boot DB. Enterprise-managed systems are most at risk. Workarounds include removing the PCR7 Group Policy before deploying the update or applying a Known Issue Rollback (KIR). Microsoft is working on a permanent fix. This is not the first time Windows security updates have triggered BitLocker recovery — similar issues occurred in May 2025, August 2024, and August 2022.
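A read-only triage of the four conditions listed above, as an added example (not Microsoft's code), to be run elevated on a server before KB5082063 is deployed. It assumes the "PCR7 Group Policy" is the native-UEFI TPM platform validation profile policy stored under the registry key shown, and that the msinfo32 text report carries the PCR7 binding state on a line containing "PCR7".

```powershell
#Requires -RunAsAdministrator
# Added example: reports the four conditions only; changes nothing on the host.

$drive = $env:SystemDrive

# 1. BitLocker protection active on the OS volume.
$bitLockerOn = (Get-BitLockerVolume -MountPoint $drive).ProtectionStatus -eq 'On'

# 2. TPM platform validation profile configured by Group Policy.
#    Assumption: this policy key is the "PCR7 Group Policy" the article means.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE\OSPlatformValidation_UEFI'
$policySet = Test-Path $policyKey
if ($policySet) {
    # Show the raw values so the configured PCR list can be reviewed by hand.
    Get-ItemProperty -Path $policyKey | Format-List
}

# 3. PCR7 binding state as reported by System Information (msinfo32).
#    Assumption: the report line of interest contains the string "PCR7".
$report = Join-Path $env:TEMP 'msinfo32-pcr7.txt'
Start-Process msinfo32.exe -ArgumentList "/report `"$report`"" -Wait
$pcr7Line = (Select-String -Path $report -Pattern 'PCR7' |
             Select-Object -First 1).Line
Remove-Item $report -ErrorAction SilentlyContinue
$pcr7NotPossible = [bool]($pcr7Line -match 'Not Possible')

# 4. Windows UEFI CA 2023 certificate present in the Secure Boot DB.
try {
    $db = [System.Text.Encoding]::ASCII.GetString(
              (Get-SecureBootUEFI -Name db).Bytes)
    $ca2023InDb = $db -match 'Windows UEFI CA 2023'
} catch {
    # Legacy BIOS or Secure Boot variables unavailable: condition cannot hold.
    $ca2023InDb = $false
}

[pscustomobject]@{
    Computer           = $env:COMPUTERNAME
    BitLockerOn        = $bitLockerOn
    Pcr7PolicyPresent  = $policySet
    Pcr7ReportLine     = $pcr7Line
    Pcr7NotPossible    = $pcr7NotPossible
    UefiCa2023InDb     = $ca2023InDb
    AllConditionsMet   = ($bitLockerOn -and $policySet -and
                          $pcr7NotPossible -and $ca2023InDb)
} | Format-List
```

Hosts where `AllConditionsMet` is true are the ones to hold back until a workaround is in place; confirm that the BitLocker recovery keys for those hosts are escrowed and retrievable first.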